Compare commits
74 Commits
lisadurant
...
57.1.0
| Author | SHA1 | Date | |
|---|---|---|---|
| f0137814c9 | |||
| 16fd539366 | |||
| 442069aa67 | |||
| 28dff42f5f | |||
| 368fa2ba2e | |||
| b146ad56b3 | |||
| 686253599c | |||
| 9080037994 | |||
| 78f22f8ed5 | |||
| b46d89e078 | |||
| a566f84674 | |||
| 01dd44acdc | |||
| 1014e66058 | |||
| 9b42daf4c0 | |||
| a532a5eabc | |||
| 9831de32bc | |||
| f3a0053f4c | |||
| eaff5b490c | |||
| 90921100be | |||
| cc5a53e5a4 | |||
| 0cb275e219 | |||
| 0462b7eb43 | |||
| d1d2971125 | |||
| 616ecbc831 | |||
| 61c0cb0eb3 | |||
| ce20f243b6 | |||
| 3487c9fdb6 | |||
| f166861198 | |||
| 00dfee338c | |||
| 560b9f1ff6 | |||
| 35fb1119fb | |||
| 8396c0de20 | |||
| 541e70232b | |||
| 7ef8c04eef | |||
| 43580c8a5d | |||
| d27891b463 | |||
| 53f8dcfa69 | |||
| 55a17e0b76 | |||
| 7d3dcf6fe1 | |||
| c8b1ad3059 | |||
| 990728c288 | |||
| 4b62f278ef | |||
| 28f4e871e5 | |||
| e2b335d84b | |||
| e5ea67a8b4 | |||
| cb992b92e5 | |||
| 7dd8cd5112 | |||
| 5db6031514 | |||
| 70d639ca4e | |||
| 95b8a984ca | |||
| 3f0979d531 | |||
| c164995fbf | |||
| 3a22af41bd | |||
| 59e8ebcd98 | |||
| 5d0bfa8e4e | |||
| 4b4bbd13f3 | |||
| 77aac91a9f | |||
| 0c51e4c7be | |||
| 0adb4a9fc7 | |||
| 1a821d1032 | |||
| 1fa72df38c | |||
| 8123c3db21 | |||
| 595206fdc9 | |||
| 7d1dfaa1bd | |||
| de46a3ca1f | |||
| 298a49e994 | |||
| 786e5717d2 | |||
| 6ed696ec15 | |||
| e82e7a3208 | |||
| d9da79bb8d | |||
| 670344d45a | |||
| b5168a2dc3 | |||
| 1b4585d89c | |||
| 4b91e48ef5 |
@ -11,7 +11,7 @@
|
||||
# Eclipse Foundation. All other trademarks are the property of their respective owners.
|
||||
#
|
||||
|
||||
FROM docker-all.repo.sonatype.com/alpine/helm:3.9.3
|
||||
FROM docker-all.repo.sonatype.com/alpine/helm:3.10.1
|
||||
|
||||
RUN apk update && apk upgrade && \
|
||||
apk add --no-cache bash git openssh
|
||||
|
||||
@ -17,16 +17,6 @@ final jira = [
|
||||
credentialId : 'jenkins-jira', autoRelease: true, failOnError: true
|
||||
]
|
||||
|
||||
final jiraVersionMappings = [
|
||||
'nexus-repository-manager': 'helm-nxrm',
|
||||
'nxrm-aws-resiliency': 'helm-nxrm-aws-resiliency'
|
||||
]
|
||||
|
||||
final chartLocation = [
|
||||
'nexus-repository-manager': 'nexus-repository-manager',
|
||||
'nxrm-aws-resiliency': 'nxrm-aws-resiliency'
|
||||
]
|
||||
|
||||
properties([
|
||||
parameters([
|
||||
string(
|
||||
@ -54,8 +44,9 @@ dockerizedBuildPipeline(
|
||||
runSafely "git checkout ${gitBranch(env)}"
|
||||
runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}"
|
||||
runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}"
|
||||
runSafely './build.sh'
|
||||
runSafely 'git add nxrm-aws-resiliency nexus-repository-manager'
|
||||
runSafely './build.sh'
|
||||
runSafely 'git add nxrm-aws-resiliency'
|
||||
runSafely 'git add nexus-repository-manager'
|
||||
},
|
||||
skipVulnerabilityScan: true,
|
||||
archiveArtifacts: 'docs/*',
|
||||
|
||||
11
README.md
11
README.md
@ -12,6 +12,15 @@
|
||||
Eclipse Foundation. All other trademarks are the property of their respective owners.
|
||||
|
||||
-->
|
||||
# ⚠️ Archive Notice
|
||||
|
||||
As of October 24, 2023, we will no longer update or support the [Single-Instance OSS/Pro Helm Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager).
|
||||
|
||||
Deploying Nexus Repository in containers with an embedded database has been known to corrupt the database under some circumstances. We strongly recommend that you use an external PostgreSQL database for Kubernetes deployments.
|
||||
|
||||
If you are deploying in AWS, you can use our [AWS Helm chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nxrm-aws-resiliency) to deploy Nexus Repository in an EKS cluster.
|
||||
|
||||
We do not currently provide Helm charts for on-premises deployments using PostgreSQL. For those wishing to deploy on premises, see our [Single Data Center On-Premises Deployment Example Using Kubernetes documentation](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-data-center-on-premises-deployment-example-using-kubernetes) for information and sample YAMLs to help you plan a resilient on-premises deployment.
|
||||
|
||||
## Helm Charts for Sonatype Nexus Repository Manager 3
|
||||
|
||||
@ -22,7 +31,7 @@ See the [AWS Single-Instance Resiliency Chart](https://github.com/sonatype/nxrm3
|
||||
* Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
|
||||
* Using an external PostgreSQL database (required)
|
||||
|
||||
See the [Single-Instance OSS/Pro Kubernetes Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager) if you are doing the following:
|
||||
See the [Single-Instance OSS/Pro Helm Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager) if you are doing the following:
|
||||
* Using embedded OrientDB (required)
|
||||
* Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node)
|
||||
* Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured
|
||||
|
||||
2
build.sh
2
build.sh
@ -12,7 +12,7 @@
|
||||
# Eclipse Foundation. All other trademarks are the property of their respective owners.
|
||||
#
|
||||
|
||||
helm plugin install https://github.com/quintush/helm-unittest
|
||||
helm plugin install --version "0.2.11" https://github.com/quintush/helm-unittest
|
||||
|
||||
set -e
|
||||
|
||||
|
||||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
docs/nexus-repository-manager-42.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-42.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-42.0.1.tgz
Normal file
BIN
docs/nexus-repository-manager-42.0.1.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-43.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-43.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-44.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-44.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-45.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-45.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-45.1.0.tgz
Normal file
BIN
docs/nexus-repository-manager-45.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-46.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-46.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-47.1.0.tgz
Normal file
BIN
docs/nexus-repository-manager-47.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-48.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-48.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-49.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-49.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-50.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-50.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-51.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-51.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-52.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-52.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-53.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-53.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-53.1.0.tgz
Normal file
BIN
docs/nexus-repository-manager-53.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-54.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-54.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-54.1.0.tgz
Normal file
BIN
docs/nexus-repository-manager-54.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-55.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-55.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-56.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-56.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-57.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-57.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-57.1.0.tgz
Normal file
BIN
docs/nexus-repository-manager-57.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-58.0.0.tgz
Normal file
BIN
docs/nexus-repository-manager-58.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nexus-repository-manager-58.1.0.tgz
Normal file
BIN
docs/nexus-repository-manager-58.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-42.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-42.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-42.0.1.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-42.0.1.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-43.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-43.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-44.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-44.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-45.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-45.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-45.1.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-45.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-46.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-46.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-47.1.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-47.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-48.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-48.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-49.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-49.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-50.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-50.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-51.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-51.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-52.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-52.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-53.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-53.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-53.1.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-53.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-54.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-54.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-54.1.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-54.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-55.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-55.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-56.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-56.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-57.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-57.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-57.1.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-57.1.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-58.0.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-58.0.0.tgz
Normal file
Binary file not shown.
BIN
docs/nxrm-aws-resiliency-58.1.0.tgz
Normal file
BIN
docs/nxrm-aws-resiliency-58.1.0.tgz
Normal file
Binary file not shown.
24
nexus-repository-manager/.helmignore
Normal file
24
nexus-repository-manager/.helmignore
Normal file
@ -0,0 +1,24 @@
|
||||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
# OWNERS file for Kubernetes
|
||||
OWNERS
|
||||
*.tar
|
||||
@ -3,10 +3,10 @@ name: nexus-repository-manager
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
version: 41.1.3
|
||||
version: 57.1.0
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application.
|
||||
appVersion: 3.41.1
|
||||
appVersion: 3.57.1
|
||||
|
||||
description: Sonatype Nexus Repository Manager - Universal Binary repository
|
||||
|
||||
|
||||
@ -12,6 +12,15 @@
|
||||
Eclipse Foundation. All other trademarks are the property of their respective owners.
|
||||
|
||||
-->
|
||||
# ⚠️ Archive Notice
|
||||
|
||||
As of October 24, 2023, we will no longer update or support this Helm chart.
|
||||
|
||||
Deploying Nexus Repository in containers with an embedded database has been known to corrupt the database under some circumstances. We strongly recommend that you use an external PostgreSQL database for Kubernetes deployments.
|
||||
|
||||
If you are deploying in AWS, you can use our [AWS Helm chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nxrm-aws-resiliency) to deploy Nexus Repository in an EKS cluster.
|
||||
|
||||
We do not currently provide Helm charts for on-premises deployments using PostgreSQL. For those wishing to deploy on premises, see our [Single Data Center On-Premises Deployment Example Using Kubernetes documentation](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/single-data-center-on-premises-deployment-example-using-kubernetes) for information and sample YAMLs to help you plan a resilient on-premises deployment.
|
||||
|
||||
# Nexus Repository
|
||||
|
||||
@ -67,14 +76,9 @@ Do not use this Helm chart and, instead, refer to our [resiliency documentation]
|
||||
|
||||
By default, this Chart uses Sonatype's Public Docker image. If you want to use a different image, run with the following: `--set nexus.imageName=<my>/<image>`.
|
||||
|
||||
### With Red Hat Certified container
|
||||
## Adding the Sonatype Repository to your Helm
|
||||
|
||||
If you're looking run our Certified Red Hat image in an OpenShift4 environment, there is a Certified Operator in OperatorHub.
|
||||
|
||||
---
|
||||
|
||||
## Adding the repo
|
||||
To add as a Helm Repo, use the following:
|
||||
To add as a Helm Repo
|
||||
```helm repo add sonatype https://sonatype.github.io/helm3-charts/```
|
||||
|
||||
---
|
||||
@ -111,6 +115,7 @@ The default login is randomized and can be found in `/nexus-data/admin.password`
|
||||
by setting the environment variable `NEXUS_SECURITY_RANDOMPASSWORD` to `false` in your `values.yaml`.
|
||||
|
||||
---
|
||||
|
||||
## Uninstalling the Chart
|
||||
|
||||
To uninstall/delete the deployment, use the following:
|
||||
@ -133,16 +138,16 @@ The following table lists the configurable parameters of the Nexus chart and the
|
||||
| Parameter | Description | Default |
|
||||
|--------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
|
||||
| `deploymentStrategy` | Deployment Strategy | `Recreate` |
|
||||
| `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` |
|
||||
| `nexus.imagePullSecrets` | Secret to download Nexus Repository image from private registry | `nil` |
|
||||
| `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` |
|
||||
| `imagePullSecrets` | The names of the kubernetes secrets with credentials to login to a registry | `[]` |
|
||||
| `nexus.docker.enabled` | Enable/disable Docker support | `false` |
|
||||
| `nexus.docker.registries` | Support multiple Docker registries | (see below) |
|
||||
| `nexus.docker.registries[0].host` | Host for the Docker registry | `cluster.local` |
|
||||
| `nexus.docker.registries[0].port` | Port for the Docker registry | `5000` |
|
||||
| `nexus.docker.registries[0].secretName` | TLS Secret Name for the ingress | `registrySecret` |
|
||||
| `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` |
|
||||
| `nexus.resources` | Nexus Repository resource requests and limits | `{}` |
|
||||
| `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` |
|
||||
| `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` |
|
||||
| `nexus.resources` | Nexus Repository resource requests and limits | `{}` |
|
||||
| `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` |
|
||||
| `nexus.securityContext` | Security Context (for enabling official image use `fsGroup: 2000`) | `{}` |
|
||||
| `nexus.labels` | Service labels | `{}` |
|
||||
| `nexus.podAnnotations` | Pod Annotations | `{}` |
|
||||
@ -159,17 +164,17 @@ The following table lists the configurable parameters of the Nexus chart and the
|
||||
| `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] |
|
||||
| `nexus.properties.override` | Set to true to override default nexus.properties | `false` |
|
||||
| `nexus.properties.data` | A map of custom nexus properties if `override` is set to true | `nexus.scripts.allowCreation: true` |
|
||||
| `ingress.enabled` | Create an ingress for Nexus Repository | `true` |
|
||||
| `ingress.enabled` | Create an ingress for Nexus Repository | `false` |
|
||||
| `ingress.annotations` | Annotations to enhance ingress configuration | `{kubernetes.io/ingress.class: nginx}` |
|
||||
| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` |
|
||||
| `ingress.path` | Path for ingress rules. GCP users should set to `/*`. | `/` |
|
||||
| `ingress.path` | Path for ingress rules. GCP users should set to `/*`. | `/` |
|
||||
| `tolerations` | tolerations list | `[]` |
|
||||
| `config.enabled` | Enable configmap | `false` |
|
||||
| `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` |
|
||||
| `config.data` | Configmap data | `nil` |
|
||||
| `deployment.annotations` | Annotations to enhance deployment configuration | `{}` |
|
||||
| `deployment.initContainers` | Init containers to run before main containers | `nil` |
|
||||
| `deployment.postStart.command` | Command to run after starting the container | `nil` |
|
||||
| `deployment.postStart.command` | Command to run after starting the container | `nil` |
|
||||
| `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s |
|
||||
| `deployment.additionalContainers` | Add additional Container | `nil` |
|
||||
| `deployment.additionalVolumes` | Add additional Volumes | `nil` |
|
||||
@ -188,16 +193,44 @@ The following table lists the configurable parameters of the Nexus chart and the
|
||||
| `route.portName` | Target port name of service | `docker` |
|
||||
| `route.labels` | Labels to be added to route | `{}` |
|
||||
| `route.annotations` | Annotations to be added to route | `{}` |
|
||||
| `route.path` | Host name of Route e.g. jenkins.example.com | nil |
|
||||
| `route.path` | Host name of Route e.g. jenkins.example.com | nil |
|
||||
| `serviceAccount.create` | Set to true to create ServiceAccount | `true` |
|
||||
| `serviceAccount.annotations` | Set annotations for ServiceAccount | `{}` |
|
||||
| `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. | `{}` |
|
||||
| `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. | `{}` |
|
||||
| `persistence.enabled` | Set false to eliminate persistent storage | `true` |
|
||||
| `persistence.existingClaim` | Specify the name of an existing persistent volume claim to use instead of creating a new one | nil |
|
||||
| `persistence.storageSize` | Size of the storage the chart will request | `8Gi` |
|
||||
| `persistence.storageSize` | Size of the storage the chart will request | `8Gi` |
|
||||
|
||||
### Persistence
|
||||
|
||||
By default, a `PersistentVolumeClaim` is created and mounted into the `/nexus-data` directory. In order to disable this functionality, you can change the `values.yaml` to disable persistence, which will use an `emptyDir` instead.
|
||||
|
||||
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
|
||||
|
||||
## Using the Image from the Red Hat Registry
|
||||
|
||||
To use the [Nexus Repository Manager image available from Red Hat's registry](https://catalog.redhat.com/software/containers/sonatype/nexus-repository-manager/594c281c1fbe9847af657690),
|
||||
you'll need to:
|
||||
* Load the credentials for the registry as a secret in your cluster
|
||||
```shell
|
||||
kubectl create secret docker-registry redhat-pull-secret \
|
||||
--docker-server=registry.connect.redhat.com \
|
||||
--docker-username=<user_name> \
|
||||
--docker-password=<password> \
|
||||
--docker-email=<email>
|
||||
```
|
||||
See Red Hat's [Registry Authentication documentation](https://access.redhat.com/RegistryAuthentication)
|
||||
for further details.
|
||||
* Provide the name of the secret in `imagePullSecrets` in this chart's `values.yaml`
|
||||
```yaml
|
||||
imagePullSecrets:
|
||||
- name: redhat-pull-secret
|
||||
```
|
||||
* Set `image.name` and `image.tag` in `values.yaml`
|
||||
```yaml
|
||||
image:
|
||||
repository: registry.connect.redhat.com/sonatype/nexus-repository-server
|
||||
tag: 3.39.0-ubi-1
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
@ -48,7 +48,7 @@ spec:
|
||||
hostAliases:
|
||||
{{ toYaml .Values.nexus.hostAliases | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.nexus.imagePullSecrets }}
|
||||
{{- with .Values.imagePullSecrets }}
|
||||
imagePullSecrets:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
@ -59,7 +59,14 @@ spec:
|
||||
- name: {{ .Chart.Name }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy }}
|
||||
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
lifecycle:
|
||||
{{- if .Values.deployment.postStart.command }}
|
||||
postStart:
|
||||
|
||||
@ -62,6 +62,9 @@ metadata:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if $.Values.ingress.ingressClassName }}
|
||||
ingressClassName: {{ $.Values.ingress.ingressClassName }}
|
||||
{{- end }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ $registry.host | quote }}
|
||||
|
||||
@ -36,7 +36,14 @@ tests:
|
||||
pattern: sonatype/nexus3:3\.\d+\.\d+
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].securityContext
|
||||
value: null
|
||||
value:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].imagePullPolicy
|
||||
value: IfNotPresent
|
||||
@ -44,12 +51,17 @@ tests:
|
||||
path: spec.template.spec.containers[0].env
|
||||
value:
|
||||
- name: INSTALL4J_ADD_VM_PARAMS
|
||||
value: -Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap
|
||||
value: |-
|
||||
-Xms2703M -Xmx2703M
|
||||
-XX:MaxDirectMemorySize=2703M
|
||||
-XX:+UnlockExperimentalVMOptions
|
||||
-XX:+UseCGroupMemoryLimitForHeap
|
||||
-Djava.util.prefs.userRoot=/nexus-data/javaprefs
|
||||
- name: NEXUS_SECURITY_RANDOMPASSWORD
|
||||
value: "true"
|
||||
- equal:
|
||||
path: spec.template.spec.containers[0].ports
|
||||
value:
|
||||
value:
|
||||
- containerPort: 8081
|
||||
name: nexus-ui
|
||||
- equal:
|
||||
@ -83,3 +95,26 @@ tests:
|
||||
- name: nexus-repository-manager-data
|
||||
persistentVolumeClaim:
|
||||
claimName: RELEASE-NAME-nexus-repository-manager-data
|
||||
- equal:
|
||||
path: spec.template.spec.securityContext
|
||||
value:
|
||||
fsGroup: 200
|
||||
runAsGroup: 200
|
||||
runAsUser: 200
|
||||
|
||||
- it: should use our simple values
|
||||
template: deployment.yaml
|
||||
set:
|
||||
deploymentStrategy: my-strategy
|
||||
imagePullSecrets:
|
||||
- name: top-secret
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 1
|
||||
- equal:
|
||||
path: spec.strategy.type
|
||||
value: my-strategy
|
||||
- equal:
|
||||
path: spec.template.spec.imagePullSecrets
|
||||
value:
|
||||
- name: top-secret
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
---
|
||||
suite: ingress
|
||||
templates:
|
||||
- ingress.yaml
|
||||
@ -97,7 +98,105 @@ tests:
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-nexus-repository-manager
|
||||
- documentIndex: 0
|
||||
equal:
|
||||
path: spec
|
||||
value:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: repo.demo
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: RELEASE-NAME-nexus-repository-manager
|
||||
port:
|
||||
number: 8081
|
||||
- documentIndex: 1
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-nexus-repository-manager-docker-5000
|
||||
- documentIndex: 1
|
||||
equal:
|
||||
path: spec
|
||||
value:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- host: docker.repo.demo
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: RELEASE-NAME-nexus-repository-manager-docker-5000
|
||||
port:
|
||||
number: 5000
|
||||
tls:
|
||||
- hosts:
|
||||
- docker.repo.demo
|
||||
secretName: registry-secret
|
||||
- it: we can exclude ingressClassName for repo ingress and docker ingress
|
||||
set:
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: {}
|
||||
nexus:
|
||||
docker:
|
||||
enabled: true
|
||||
registries:
|
||||
- host: docker.repo.demo
|
||||
port: 5000
|
||||
secretName: registry-secret
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
count: 2
|
||||
- isKind:
|
||||
of: Ingress
|
||||
- equal:
|
||||
path: apiVersion
|
||||
value: networking.k8s.io/v1
|
||||
- equal:
|
||||
path: metadata.labels.[app.kubernetes.io/instance]
|
||||
value: RELEASE-NAME
|
||||
- equal:
|
||||
path: metadata.labels.[app.kubernetes.io/managed-by]
|
||||
value: Helm
|
||||
- matchRegex:
|
||||
path: metadata.labels.[app.kubernetes.io/version]
|
||||
pattern: \d+\.\d+\.\d+
|
||||
- matchRegex:
|
||||
path: metadata.labels.[helm.sh/chart]
|
||||
pattern: nexus-repository-manager-\d+\.\d+\.\d+
|
||||
- equal:
|
||||
path: metadata.labels.[app.kubernetes.io/name]
|
||||
value: nexus-repository-manager
|
||||
- equal:
|
||||
path: metadata.annotations
|
||||
value:
|
||||
nginx.ingress.kubernetes.io/proxy-body-size: "0"
|
||||
|
||||
- documentIndex: 0
|
||||
equal:
|
||||
path: metadata.name
|
||||
value: RELEASE-NAME-nexus-repository-manager
|
||||
- documentIndex: 0
|
||||
equal:
|
||||
path: spec
|
||||
value:
|
||||
rules:
|
||||
- host: repo.demo
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: RELEASE-NAME-nexus-repository-manager
|
||||
port:
|
||||
number: 8081
|
||||
- documentIndex: 1
|
||||
equal:
|
||||
path: metadata.name
|
||||
@ -119,9 +218,8 @@ tests:
|
||||
number: 5000
|
||||
tls:
|
||||
- hosts:
|
||||
- docker.repo.demo
|
||||
- docker.repo.demo
|
||||
secretName: registry-secret
|
||||
|
||||
- it: is disabled by default
|
||||
asserts:
|
||||
- hasDocuments:
|
||||
|
||||
@ -2,13 +2,16 @@
|
||||
statefulset:
|
||||
# This is not supported
|
||||
enabled: false
|
||||
# By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% . you can change type to `Recreate` or can uncomment `rollingUpdate` specification and adjust them to your usage.
|
||||
deploymentStrategy: Recreate
|
||||
image:
|
||||
# Sonatype Official Public Image
|
||||
repository: sonatype/nexus3
|
||||
tag: 3.41.1
|
||||
tag: 3.57.1
|
||||
pullPolicy: IfNotPresent
|
||||
imagePullSecrets:
|
||||
# for image registries that require login, specify the name of the existing
|
||||
# kubernetes secret
|
||||
# - name: <pull-secret-name>
|
||||
|
||||
nexus:
|
||||
docker:
|
||||
@ -16,12 +19,17 @@ nexus:
|
||||
# registries:
|
||||
# - host: chart.local
|
||||
# port: 5000
|
||||
# secretName: registrySecret
|
||||
# secretName: registry-secret
|
||||
env:
|
||||
# minimum recommended memory settings for a small, person instance from
|
||||
# https://help.sonatype.com/repomanager3/product-information/system-requirements
|
||||
- name: INSTALL4J_ADD_VM_PARAMS
|
||||
value: "-Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
|
||||
value: |-
|
||||
-Xms2703M -Xmx2703M
|
||||
-XX:MaxDirectMemorySize=2703M
|
||||
-XX:+UnlockExperimentalVMOptions
|
||||
-XX:+UseCGroupMemoryLimitForHeap
|
||||
-Djava.util.prefs.userRoot=/nexus-data/javaprefs
|
||||
- name: NEXUS_SECURITY_RANDOMPASSWORD
|
||||
value: "true"
|
||||
properties:
|
||||
@ -72,8 +80,6 @@ nexus:
|
||||
# - "example.com"
|
||||
# - "www.example.com"
|
||||
|
||||
|
||||
imagePullSecrets: []
|
||||
nameOverride: ""
|
||||
fullnameOverride: ""
|
||||
|
||||
|
||||
@ -15,13 +15,13 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 41.1.3
|
||||
version: 57.1.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: 3.41.1
|
||||
appVersion: 3.57.1
|
||||
|
||||
keywords:
|
||||
- artifacts
|
||||
|
||||
@ -62,6 +62,98 @@ You will also need to complete the steps below. See the referenced AWS documenta
|
||||
|
||||
---
|
||||
|
||||
## External-dns
|
||||
|
||||
This helm chart uses [external-dns](https://github.com/kubernetes-sigs/external-dns) to create 'A' records in AWS Route 53 for our [Docker subdomain feature](https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-subdomain-connector).
|
||||
|
||||
See the ```external-dns.alpha.kubernetes.io/hostname``` annotation in the dockerIngress resource in the values.yaml.
|
||||
|
||||
### Permissions for external-dns
|
||||
|
||||
Open a terminal that has connectivity to your EKS cluster and run the following commands:
|
||||
```
|
||||
|
||||
cat <<'EOF' >> external-dns-r53-policy.json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"route53:ChangeResourceRecordSets"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:route53:::hostedzone/*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"route53:ListHostedZones",
|
||||
"route53:ListResourceRecordSets"
|
||||
],
|
||||
"Resource": [
|
||||
"*"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
|
||||
|
||||
aws iam create-policy --policy-name "AllowExternalDNSUpdates" --policy-document file://external-dns-r53-policy.json
|
||||
|
||||
|
||||
POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`AllowExternalDNSUpdates`].Arn' --output text)
|
||||
|
||||
|
||||
EKS_CLUSTER_NAME=<Your EKS Cluster Name>
|
||||
|
||||
|
||||
aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text
|
||||
|
||||
|
||||
eksctl utils associate-iam-oidc-provider --cluster $EKS_CLUSTER_NAME --approve
|
||||
|
||||
ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
|
||||
OIDC_PROVIDER=$(aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text | sed -e 's|^https://||')
|
||||
```
|
||||
|
||||
Note: The value you assign to the 'EXTERNALDNS_NS' variable below should be the same as the one you specify in your values.yaml for namespaces.externaldnsNs
|
||||
```
|
||||
EXTERNALDNS_NS=nexus-externaldns
|
||||
|
||||
cat <<-EOF > externaldns-trust.json
|
||||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Effect": "Allow",
|
||||
"Principal": {
|
||||
"Federated": "arn:aws:iam::$ACCOUNT_ID:oidc-provider/$OIDC_PROVIDER"
|
||||
},
|
||||
"Action": "sts:AssumeRoleWithWebIdentity",
|
||||
"Condition": {
|
||||
"StringEquals": {
|
||||
"$OIDC_PROVIDER:sub": "system:serviceaccount:${EXTERNALDNS_NS}:external-dns",
|
||||
"$OIDC_PROVIDER:aud": "sts.amazonaws.com"
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
EOF
|
||||
|
||||
IRSA_ROLE="nexusrepo-external-dns-irsa-role"
|
||||
aws iam create-role --role-name $IRSA_ROLE --assume-role-policy-document file://externaldns-trust.json
|
||||
aws iam attach-role-policy --role-name $IRSA_ROLE --policy-arn $POLICY_ARN
|
||||
|
||||
ROLE_ARN=$(aws iam get-role --role-name $IRSA_ROLE --query Role.Arn --output text)
|
||||
echo $ROLE_ARN
|
||||
```
|
||||
|
||||
2. Take note of the ROLE_ARN outputted last above and specify it in your values.yaml for serviceAccount.externaldns.role
|
||||
|
||||
## Deployment
|
||||
1. Add the sonatype repo to your helm:
|
||||
```helm repo add sonatype https://sonatype.github.io/helm3-charts/ ```
|
||||
|
||||
@ -70,7 +70,7 @@ spec:
|
||||
- name: NEXUS_SECURITY_RANDOMPASSWORD
|
||||
value: "false"
|
||||
- name: INSTALL4J_ADD_VM_PARAMS
|
||||
value: "-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Dnexus.licenseFile=/nxrm-secrets/{{ .Values.secret.license.alias }} \
|
||||
value: "{{ .Values.deployment.container.env.install4jAddVmParams }} -Dnexus.licenseFile=/nxrm-secrets/{{ .Values.secret.license.alias }} \
|
||||
-Dnexus.datastore.enabled=true -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs \
|
||||
-Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://${DB_HOST}:{{ .Values.deployment.container.env.nexusDBPort }}/${DB_NAME} \
|
||||
-Dnexus.datastore.nexus.username=${DB_USER} \
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
# comment out sa if it was previously created
|
||||
{{- if .Values.externaldns.enabled }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
@ -64,3 +64,4 @@ spec:
|
||||
env:
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: {{ .Values.deployment.clusterRegion }}
|
||||
{{- end }}
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
{{- if .Values.fluentbit.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
@ -77,7 +78,7 @@ data:
|
||||
[INPUT]
|
||||
Name tail
|
||||
Tag nexus.nexus-log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log
|
||||
Parser docker
|
||||
DB /var/fluent-bit/state/flb_container.db
|
||||
Mem_Buf_Limit 5MB
|
||||
@ -112,7 +113,7 @@ data:
|
||||
[INPUT]
|
||||
Name tail
|
||||
Tag nexus.request-log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_request-log-*.log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_request-log-*.log
|
||||
Parser docker
|
||||
DB /var/fluent-bit/state/flb_container.db
|
||||
Mem_Buf_Limit 5MB
|
||||
@ -147,7 +148,7 @@ data:
|
||||
[INPUT]
|
||||
Name tail
|
||||
Tag nexus.audit-log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_audit-log-*.log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_audit-log-*.log
|
||||
Parser docker
|
||||
DB /var/fluent-bit/state/flb_container.db
|
||||
Mem_Buf_Limit 5MB
|
||||
@ -182,7 +183,7 @@ data:
|
||||
[INPUT]
|
||||
Name tail
|
||||
Tag nexus.tasks-log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-nxrm.deployment*{{ .Values.namespaces.nexusNs }}_tasks-log-*.log
|
||||
Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_tasks-log-*.log
|
||||
Parser docker
|
||||
DB /var/fluent-bit/state/flb_container.db
|
||||
Mem_Buf_Limit 5MB
|
||||
@ -357,4 +358,5 @@ spec:
|
||||
- operator: "Exists"
|
||||
effect: "NoExecute"
|
||||
- operator: "Exists"
|
||||
effect: "NoSchedule"
|
||||
effect: "NoSchedule"
|
||||
{{- end }}
|
||||
@ -24,6 +24,7 @@ spec:
|
||||
port:
|
||||
number: {{ .Values.service.nexus.port }}
|
||||
---
|
||||
{{- if .Values.ingress.dockerIngress.enabled -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
@ -49,3 +50,4 @@ spec:
|
||||
name: {{ .Chart.Name }}-docker-service
|
||||
port:
|
||||
number: {{ .Values.service.docker.port }}
|
||||
{{- end }}
|
||||
@ -3,13 +3,16 @@ kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Values.namespaces.nexusNs }}
|
||||
---
|
||||
{{- if .Values.fluentbit.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Values.namespaces.cloudwatchNs }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.externaldns.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Values.namespaces.externaldnsNs }}
|
||||
---
|
||||
{{- end }}
|
||||
|
||||
@ -6,6 +6,7 @@ metadata:
|
||||
annotations:
|
||||
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}
|
||||
---
|
||||
{{- if .Values.externaldns.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
@ -13,4 +14,4 @@ metadata:
|
||||
namespace: {{ .Values.namespaces.externaldnsNs }}
|
||||
annotations:
|
||||
eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.externaldns.role }}
|
||||
---
|
||||
{{- end }}
|
||||
|
||||
@ -14,6 +14,7 @@ spec:
|
||||
port: {{ .Values.service.nexus.port }}
|
||||
targetPort: {{ .Values.service.nexus.targetPort }}
|
||||
---
|
||||
{{- if .Values.service.docker.enabled -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
@ -30,3 +31,4 @@ spec:
|
||||
protocol: {{ .Values.service.docker.protocol }}
|
||||
port: {{ .Values.service.docker.port }}
|
||||
targetPort: {{ .Values.service.docker.targetPort }}
|
||||
{{- end }}
|
||||
11
nxrm-aws-resiliency/templates/workdir-configmap.yaml
Normal file
11
nxrm-aws-resiliency/templates/workdir-configmap.yaml
Normal file
@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ .Values.workdir.configmap.name }}
|
||||
namespace: {{ .Values.namespaces.nexusNs }}
|
||||
data:
|
||||
create-nexus-work-dir.sh: |
|
||||
#!/bin/bash
|
||||
# Make Nexus Repository Manager work directory
|
||||
mkdir -p /nexus-repo-mgr-work-dir/work
|
||||
|
||||
51
nxrm-aws-resiliency/templates/workdir-daemonset.yaml
Normal file
51
nxrm-aws-resiliency/templates/workdir-daemonset.yaml
Normal file
@ -0,0 +1,51 @@
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ .Values.workdir.daemonset.name }}
|
||||
namespace: {{ .Values.namespaces.nexusNs }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
job: dircreator
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
job: dircreator
|
||||
spec:
|
||||
hostPID: true
|
||||
restartPolicy: Always
|
||||
initContainers:
|
||||
# Copy file for creating nexus work directory over and execute it on host
|
||||
- name: create-nexus-work-dir
|
||||
image: ubuntu:23.04
|
||||
command: [/bin/sh]
|
||||
args:
|
||||
- -c
|
||||
- >-
|
||||
cp /tmp/create-nexus-work-dir.sh /host-dir &&
|
||||
/usr/bin/nsenter -m/proc/1/ns/mnt -- chmod u+x /tmp/install/create-nexus-work-dir.sh &&
|
||||
/usr/bin/nsenter -m/proc/1/ns/mnt /tmp/install/create-nexus-work-dir.sh
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- name: create-nexus-work-dir-script
|
||||
mountPath: /tmp
|
||||
- name: host-mnt
|
||||
mountPath: /host-dir
|
||||
containers:
|
||||
- name: directory-creator
|
||||
image: busybox:1.33.1
|
||||
command: ["/bin/sh"]
|
||||
args:
|
||||
- -c
|
||||
- >-
|
||||
tail -f /dev/null
|
||||
securityContext:
|
||||
privileged: true
|
||||
volumes:
|
||||
- name: create-nexus-work-dir-script
|
||||
configMap:
|
||||
name: {{ .Values.workdir.configmap.name }}
|
||||
- name: host-mnt
|
||||
hostPath:
|
||||
path: /tmp/install
|
||||
@ -4,14 +4,18 @@ namespaces:
|
||||
cloudwatchNs: amazon-cloudwatch
|
||||
externaldnsNs: nexus-externaldns
|
||||
externaldns:
|
||||
enabled: false
|
||||
domainFilter: example.com #your root domain e.g example.com
|
||||
awsZoneType: private # hosted zone to look at (valid values are public, private or no value for both)
|
||||
fluentbit:
|
||||
enabled: false
|
||||
deployment:
|
||||
clusterRegion: us-east-1
|
||||
name: nxrm.deployment
|
||||
clusterName: nxrm-nexus
|
||||
logsRegion: us-east-1
|
||||
fluentBitVersion: 2.28.0
|
||||
replicaCount: 1
|
||||
initContainer:
|
||||
image:
|
||||
repository: busybox
|
||||
@ -19,12 +23,13 @@ deployment:
|
||||
container:
|
||||
image:
|
||||
repository: sonatype/nexus3
|
||||
tag: 3.41.1
|
||||
tag: 3.45.1
|
||||
containerPort: 8081
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
nexusDBName: nexus
|
||||
nexusDBPort: 3306
|
||||
install4jAddVmParams: "-Xms2703m -Xmx2703m"
|
||||
requestLogContainer:
|
||||
image:
|
||||
repository: busybox
|
||||
@ -47,24 +52,33 @@ ingress:
|
||||
#host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: alb
|
||||
alb.ingress.kubernetes.io/healthcheck-path: /service/rest/v1/status
|
||||
alb.ingress.kubernetes.io/scheme: internal # scheme
|
||||
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
|
||||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
|
||||
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # The AWS Certificate Manager ARN for your HTTPS certificate
|
||||
dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories
|
||||
#alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' uncomment for https
|
||||
#alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment for https. The AWS Certificate Manager ARN for your HTTPS certificate
|
||||
dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories
|
||||
enabled: false
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories
|
||||
alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories
|
||||
alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories
|
||||
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #comment out if you don't use docker repositories
|
||||
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Comment out if you don't use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
|
||||
external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
|
||||
# alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #uncomment if you use docker repositories
|
||||
# alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment if you use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
|
||||
# external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
|
||||
workdir:
|
||||
configmap:
|
||||
name: create-nexus-workdir-config
|
||||
daemonset:
|
||||
name: create-nexus-work-dir
|
||||
storageClass:
|
||||
iopsPerGB: "10" #Note: aws plugin multiplies this by the size of the requested volumne to compute IOPS of the volumne and caps it a 20, 000 IOPS
|
||||
pv:
|
||||
storage: 120Gi
|
||||
volumeMode: Filesystem
|
||||
accessModes: ReadWriteOnce
|
||||
reclaimPolicy: Retain
|
||||
path: /mnt
|
||||
path: /nexus-repo-mgr-work-dir/work
|
||||
zones:
|
||||
zone1: us-east-1a
|
||||
zone2: us-east-1b
|
||||
@ -72,21 +86,22 @@ pvc:
|
||||
accessModes: ReadWriteOnce
|
||||
storage: 100Gi
|
||||
|
||||
service: #Nexus Repo NodePort Service
|
||||
service: #Nexus Repo NodePort Service
|
||||
nexus:
|
||||
type: NodePort
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8081
|
||||
docker: #Nodeport Service for Docker Service
|
||||
type: NodePort
|
||||
protocol: TCP
|
||||
port: 9090
|
||||
targetPort: 8081
|
||||
type: NodePort
|
||||
protocol: TCP
|
||||
port: 80
|
||||
targetPort: 8081
|
||||
docker: #Nodeport Service for Docker Service
|
||||
enabled: false
|
||||
type: NodePort
|
||||
protocol: TCP
|
||||
port: 9090
|
||||
targetPort: 8081
|
||||
secret:
|
||||
license:
|
||||
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license
|
||||
alias: nxrm-license.lic
|
||||
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license
|
||||
alias: nxrm-license.lic
|
||||
rds:
|
||||
arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrmrds-cred-nexus
|
||||
adminpassword:
|
||||
|
||||
Reference in New Issue
Block a user