nhyatt/nxrm3-helm-repository
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nhyatt:lisadurant-patch-2
Branches Tags
nhyatt:main nhyatt:update-readme nhyatt:NEXUS-40550-update-archive-project nhyatt:README-Updates-Lisa nhyatt:remove-orient-chart nhyatt:NEXUS-39410-Make-fluentbit-docker-and-external-dns-optional nhyatt:NEXUS-38174 nhyatt:NEXUS-37860_allow_scripts nhyatt:specify-custom-folder-for-nexus-data nhyatt:ArchiveNoticeUpdate nhyatt:NEXUS-36200_stateful-set-nxrm-ha nhyatt:NEXUS-34974-publish-nxrm-helm-charts nhyatt:lisadurant-patch-2 nhyatt:NEXUS-34843_update_the_AWS_resiliency_helm_chart_version
nhyatt:64.2.0 nhyatt:64.1.0 nhyatt:64.0.0 nhyatt:63.0.0 nhyatt:62.0.0 nhyatt:61.0.2 nhyatt:61.0.0 nhyatt:60.0.0 nhyatt:59.0.0 nhyatt:58.1.0 nhyatt:57.1.0 nhyatt:58.0.0 nhyatt:57.0.0 nhyatt:56.0.0 nhyatt:55.0.0 nhyatt:54.1.0 nhyatt:54.0.0 nhyatt:53.1.0 nhyatt:53.0.0 nhyatt:52.0.0 nhyatt:51.0.0 nhyatt:50.0.0 nhyatt:49.0.0 nhyatt:48.0.0 nhyatt:47.1.0 nhyatt:47.0.0 nhyatt:46.0.0 nhyatt:45.1.0 nhyatt:45.0.0 nhyatt:44.0.0 nhyatt:43.0.0 nhyatt:42.0.1 nhyatt:42.0.0 nhyatt:41.1.3 nhyatt:41.1.2 nhyatt:41.1.1
..
compare: nhyatt:42.0.1
Branches Tags
nhyatt:main nhyatt:update-readme nhyatt:NEXUS-40550-update-archive-project nhyatt:README-Updates-Lisa nhyatt:remove-orient-chart nhyatt:NEXUS-39410-Make-fluentbit-docker-and-external-dns-optional nhyatt:NEXUS-38174 nhyatt:NEXUS-37860_allow_scripts nhyatt:specify-custom-folder-for-nexus-data nhyatt:ArchiveNoticeUpdate nhyatt:NEXUS-36200_stateful-set-nxrm-ha nhyatt:NEXUS-34974-publish-nxrm-helm-charts nhyatt:lisadurant-patch-2 nhyatt:NEXUS-34843_update_the_AWS_resiliency_helm_chart_version
nhyatt:64.2.0 nhyatt:64.1.0 nhyatt:64.0.0 nhyatt:63.0.0 nhyatt:62.0.0 nhyatt:61.0.2 nhyatt:61.0.0 nhyatt:60.0.0 nhyatt:59.0.0 nhyatt:58.1.0 nhyatt:57.1.0 nhyatt:58.0.0 nhyatt:57.0.0 nhyatt:56.0.0 nhyatt:55.0.0 nhyatt:54.1.0 nhyatt:54.0.0 nhyatt:53.1.0 nhyatt:53.0.0 nhyatt:52.0.0 nhyatt:51.0.0 nhyatt:50.0.0 nhyatt:49.0.0 nhyatt:48.0.0 nhyatt:47.1.0 nhyatt:47.0.0 nhyatt:46.0.0 nhyatt:45.1.0 nhyatt:45.0.0 nhyatt:44.0.0 nhyatt:43.0.0 nhyatt:42.0.1 nhyatt:42.0.0 nhyatt:41.1.3 nhyatt:41.1.2 nhyatt:41.1.1

19 Commits
lisadurant ... 42.0.1

Author SHA1 Message Date
Sonatype Zion
4b4bbd13f3 Release Update for 42.0.1 2022-09-28 15:38:44 +00:00
Sonatype Zion
77aac91a9f Release Update for 42.0.0 2022-09-28 14:28:27 +00:00
Sergii Pryhoda
0c51e4c7be Merge pull request #22 from sonatype/NEXUS-34974-publish-nxrm-helm-charts 2022-09-28 16:35:17 +03:00
spryhoda
0adb4a9fc7 uncomment the tests related code in Jenkinsfile 2022-09-20 10:43:08 +03:00
spryhoda
1a821d1032 uncomment the tests 2022-09-19 12:41:25 +03:00
spryhoda
1fa72df38c license header added to README.md 2022-09-14 11:26:56 +03:00
spryhoda
8123c3db21 NEXUS-34974 Publish nxrm helm charts to Sonatype helm repo and Artifact Hub 2022-09-13 15:33:07 +03:00
Olu Shiyanbade
595206fdc9 Merge pull request #21 from sonatype/fix-build 
fix build
 2022-09-02 16:12:52 +01:00
Lisa Durant
7d1dfaa1bd Update README.md 2022-09-02 10:43:11 -04:00
Olu Shiyanbade
de46a3ca1f fix build 2022-09-02 13:06:18 +01:00
Olu Shiyanbade
298a49e994 Merge pull request #20 from sonatype/fix-build 
fix build
 2022-09-02 12:53:26 +01:00
Olu Shiyanbade
786e5717d2 fix build 2022-09-02 12:50:47 +01:00
Olu Shiyanbade
6ed696ec15 Merge pull request #19 from sonatype/NEXUS-35078-Remove-nexus-repository-manager-helm3-charts 
Remove non resiliency helm3-charts
 2022-09-02 12:41:59 +01:00
Olu Shiyanbade
e82e7a3208 Remove non resiliency helm3-charts 2022-09-02 11:23:27 +01:00
Lisa Durant
d9da79bb8d Update README.md 
wording cleanup
 2022-08-30 15:29:11 -04:00
Lisa Durant
670344d45a Merge pull request #15 from sonatype/update-readme 
NEXUS-34871 - readme update
 2022-08-30 15:15:32 -04:00
Lisa Durant
b5168a2dc3 Merge pull request #16 from sonatype/lisadurant-patch-2 
readme update
 2022-08-30 15:09:58 -04:00
Olu Shiyanbade
1b4585d89c readme update 2022-08-30 19:32:36 +01:00
Olu Shiyanbade
4b91e48ef5 readme update 2022-08-30 19:30:05 +01:00
20 changed files with 312 additions and 46 deletions
Expand all files Collapse all files

13
Jenkinsfile-Release
View File

@ -17,16 +17,6 @@ final jira = [
credentialId : 'jenkins-jira', autoRelease: true, failOnError: true credentialId : 'jenkins-jira', autoRelease: true, failOnError: true
] ]
final jiraVersionMappings = [
'nexus-repository-manager': 'helm-nxrm',
'nxrm-aws-resiliency': 'helm-nxrm-aws-resiliency'
]
final chartLocation = [
'nexus-repository-manager': 'nexus-repository-manager',
'nxrm-aws-resiliency': 'nxrm-aws-resiliency'
]
properties([ properties([
parameters([ parameters([
string( string(
@ -55,7 +45,8 @@ dockerizedBuildPipeline(
runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}" runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}"
runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}" runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}"
runSafely './build.sh' runSafely './build.sh'
runSafely 'git add nxrm-aws-resiliency nexus-repository-manager' runSafely 'git add nxrm-aws-resiliency'
runSafely 'git add nexus-repository-manager'
}, },
skipVulnerabilityScan: true, skipVulnerabilityScan: true,
archiveArtifacts: 'docs/*', archiveArtifacts: 'docs/*',

2
README.md
View File

@ -22,7 +22,7 @@ See the [AWS Single-Instance Resiliency Chart](https://github.com/sonatype/nxrm3
* Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region * Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
* Using an external PostgreSQL database (required) * Using an external PostgreSQL database (required)
See the [Single-Instance OSS/Pro Kubernetes Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager) if you are doing the following: See the [Single-Instance OSS/Pro Kubernetes Chart](https://github.com/sonatype/helm3-charts/tree/main/charts/nexus-repository-manager) if you are doing the following:
* Using embedded OrientDB (required) * Using embedded OrientDB (required)
* Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node) * Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node)
* Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured * Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured

BIN
docs/nexus-repository-manager-41.1.0.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-41.1.1.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-41.1.2.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-41.1.3.tgz
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-42.0.0.tgz Normal file
View File

Binary file not shown.

BIN
docs/nexus-repository-manager-42.0.1.tgz Normal file
View File

Binary file not shown.

BIN
docs/nxrm-aws-resiliency-42.0.0.tgz Normal file
View File

Binary file not shown.

BIN
docs/nxrm-aws-resiliency-42.0.1.tgz Normal file
View File

Binary file not shown.

24
nexus-repository-manager/.helmignore Normal file
View File

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# OWNERS file for Kubernetes
OWNERS
*.tar

4
nexus-repository-manager/Chart.yaml
View File

@ -3,10 +3,10 @@ name: nexus-repository-manager
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: 41.1.3 version: 42.0.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: 3.41.1 appVersion: 3.42.0
description: Sonatype Nexus Repository Manager - Universal Binary repository description: Sonatype Nexus Repository Manager - Universal Binary repository

60
nexus-repository-manager/README.md
View File

@ -67,14 +67,9 @@ Do not use this Helm chart and, instead, refer to our [resiliency documentation]
By default, this Chart uses Sonatype's Public Docker image. If you want to use a different image, run with the following: `--set nexus.imageName=<my>/<image>`. By default, this Chart uses Sonatype's Public Docker image. If you want to use a different image, run with the following: `--set nexus.imageName=<my>/<image>`.
### With Red Hat Certified container ## Adding the Sonatype Repository to your Helm
If you're looking run our Certified Red Hat image in an OpenShift4 environment, there is a Certified Operator in OperatorHub. To add as a Helm Repo
---
## Adding the repo
To add as a Helm Repo, use the following:
```helm repo add sonatype https://sonatype.github.io/helm3-charts/``` ```helm repo add sonatype https://sonatype.github.io/helm3-charts/```
--- ---
@ -111,6 +106,7 @@ The default login is randomized and can be found in `/nexus-data/admin.password`
by setting the environment variable `NEXUS_SECURITY_RANDOMPASSWORD` to `false` in your `values.yaml`. by setting the environment variable `NEXUS_SECURITY_RANDOMPASSWORD` to `false` in your `values.yaml`.
--- ---
## Uninstalling the Chart ## Uninstalling the Chart
To uninstall/delete the deployment, use the following: To uninstall/delete the deployment, use the following:
@ -133,16 +129,16 @@ The following table lists the configurable parameters of the Nexus chart and the
| Parameter | Description | Default | | Parameter | Description | Default |
|--------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| |--------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------|
| `deploymentStrategy` | Deployment Strategy | `Recreate` | | `deploymentStrategy` | Deployment Strategy | `Recreate` |
| `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` | | `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` |
| `nexus.imagePullSecrets` | Secret to download Nexus Repository image from private registry | `nil` | | `imagePullSecrets` | The names of the kubernetes secrets with credentials to login to a registry | `[]` |
| `nexus.docker.enabled` | Enable/disable Docker support | `false` | | `nexus.docker.enabled` | Enable/disable Docker support | `false` |
| `nexus.docker.registries` | Support multiple Docker registries | (see below) | | `nexus.docker.registries` | Support multiple Docker registries | (see below) |
| `nexus.docker.registries[0].host` | Host for the Docker registry | `cluster.local` | | `nexus.docker.registries[0].host` | Host for the Docker registry | `cluster.local` |
| `nexus.docker.registries[0].port` | Port for the Docker registry | `5000` | | `nexus.docker.registries[0].port` | Port for the Docker registry | `5000` |
| `nexus.docker.registries[0].secretName` | TLS Secret Name for the ingress | `registrySecret` | | `nexus.docker.registries[0].secretName` | TLS Secret Name for the ingress | `registrySecret` |
| `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` | | `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` |
| `nexus.resources` | Nexus Repository resource requests and limits | `{}` | | `nexus.resources` | Nexus Repository resource requests and limits | `{}` |
| `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` | | `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` |
| `nexus.securityContext` | Security Context (for enabling official image use `fsGroup: 2000`) | `{}` | | `nexus.securityContext` | Security Context (for enabling official image use `fsGroup: 2000`) | `{}` |
| `nexus.labels` | Service labels | `{}` | | `nexus.labels` | Service labels | `{}` |
| `nexus.podAnnotations` | Pod Annotations | `{}` | | `nexus.podAnnotations` | Pod Annotations | `{}` |
@ -159,17 +155,17 @@ The following table lists the configurable parameters of the Nexus chart and the
| `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] | | `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] |
| `nexus.properties.override` | Set to true to override default nexus.properties | `false` | | `nexus.properties.override` | Set to true to override default nexus.properties | `false` |
| `nexus.properties.data` | A map of custom nexus properties if `override` is set to true | `nexus.scripts.allowCreation: true` | | `nexus.properties.data` | A map of custom nexus properties if `override` is set to true | `nexus.scripts.allowCreation: true` |
| `ingress.enabled` | Create an ingress for Nexus Repository | `true` | | `ingress.enabled` | Create an ingress for Nexus Repository | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{kubernetes.io/ingress.class: nginx}` | | `ingress.annotations` | Annotations to enhance ingress configuration | `{kubernetes.io/ingress.class: nginx}` |
| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` | | `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` |
| `ingress.path` | Path for ingress rules. GCP users should set to `/*`. | `/` | | `ingress.path` | Path for ingress rules. GCP users should set to `/*`. | `/` |
| `tolerations` | tolerations list | `[]` | | `tolerations` | tolerations list | `[]` |
| `config.enabled` | Enable configmap | `false` | | `config.enabled` | Enable configmap | `false` |
| `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` | | `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` |
| `config.data` | Configmap data | `nil` | | `config.data` | Configmap data | `nil` |
| `deployment.annotations` | Annotations to enhance deployment configuration | `{}` | | `deployment.annotations` | Annotations to enhance deployment configuration | `{}` |
| `deployment.initContainers` | Init containers to run before main containers | `nil` | | `deployment.initContainers` | Init containers to run before main containers | `nil` |
| `deployment.postStart.command` | Command to run after starting the container | `nil` | | `deployment.postStart.command` | Command to run after starting the container | `nil` |
| `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s | | `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s |
| `deployment.additionalContainers` | Add additional Container | `nil` | | `deployment.additionalContainers` | Add additional Container | `nil` |
| `deployment.additionalVolumes` | Add additional Volumes | `nil` | | `deployment.additionalVolumes` | Add additional Volumes | `nil` |
@ -188,16 +184,44 @@ The following table lists the configurable parameters of the Nexus chart and the
| `route.portName` | Target port name of service | `docker` | | `route.portName` | Target port name of service | `docker` |
| `route.labels` | Labels to be added to route | `{}` | | `route.labels` | Labels to be added to route | `{}` |
| `route.annotations` | Annotations to be added to route | `{}` | | `route.annotations` | Annotations to be added to route | `{}` |
| `route.path` | Host name of Route e.g. jenkins.example.com | nil | | `route.path` | Host name of Route e.g. jenkins.example.com | nil |
| `serviceAccount.create` | Set to true to create ServiceAccount | `true` | | `serviceAccount.create` | Set to true to create ServiceAccount | `true` |
| `serviceAccount.annotations` | Set annotations for ServiceAccount | `{}` | | `serviceAccount.annotations` | Set annotations for ServiceAccount | `{}` |
| `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. | `{}` | | `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. | `{}` |
| `persistence.enabled` | Set false to eliminate persistent storage | `true` | | `persistence.enabled` | Set false to eliminate persistent storage | `true` |
| `persistence.existingClaim` | Specify the name of an existing persistent volume claim to use instead of creating a new one | nil | | `persistence.existingClaim` | Specify the name of an existing persistent volume claim to use instead of creating a new one | nil |
| `persistence.storageSize` | Size of the storage the chart will request | `8Gi` | | `persistence.storageSize` | Size of the storage the chart will request | `8Gi` |
### Persistence ### Persistence
By default, a `PersistentVolumeClaim` is created and mounted into the `/nexus-data` directory. In order to disable this functionality, you can change the `values.yaml` to disable persistence, which will use an `emptyDir` instead. By default, a `PersistentVolumeClaim` is created and mounted into the `/nexus-data` directory. In order to disable this functionality, you can change the `values.yaml` to disable persistence, which will use an `emptyDir` instead.
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* > *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
## Using the Image from the Red Hat Registry
To use the [Nexus Repository Manager image available from Red Hat's registry](https://catalog.redhat.com/software/containers/sonatype/nexus-repository-manager/594c281c1fbe9847af657690),
you'll need to:
* Load the credentials for the registry as a secret in your cluster
```shell
kubectl create secret docker-registry redhat-pull-secret \
--docker-server=registry.connect.redhat.com \
--docker-username=<user_name> \
--docker-password=<password> \
--docker-email=<email>
```
See Red Hat's [Registry Authentication documentation](https://access.redhat.com/RegistryAuthentication)
for further details.
* Provide the name of the secret in `imagePullSecrets` in this chart's `values.yaml`
```yaml
imagePullSecrets:
- name: redhat-pull-secret
```
* Set `image.name` and `image.tag` in `values.yaml`
```yaml
image:
repository: registry.connect.redhat.com/sonatype/nexus-repository-server
tag: 3.39.0-ubi-1
```
---

2
nexus-repository-manager/templates/deployment.yaml
View File

@ -48,7 +48,7 @@ spec:
hostAliases: hostAliases:
{{ toYaml .Values.nexus.hostAliases | nindent 8 }} {{ toYaml .Values.nexus.hostAliases | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.nexus.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}

3
nexus-repository-manager/templates/ingress.yaml
View File

@ -62,6 +62,9 @@ metadata:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
{{- if $.Values.ingress.ingressClassName }}
ingressClassName: {{ $.Values.ingress.ingressClassName }}
{{- end }}
tls: tls:
- hosts: - hosts:
- {{ $registry.host | quote }} - {{ $registry.host | quote }}

30
nexus-repository-manager/tests/deployment_test.yaml
View File

@ -44,7 +44,12 @@ tests:
path: spec.template.spec.containers[0].env path: spec.template.spec.containers[0].env
value: value:
- name: INSTALL4J_ADD_VM_PARAMS - name: INSTALL4J_ADD_VM_PARAMS
value: -Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap value: |-
-Xms2703M -Xmx2703M
-XX:MaxDirectMemorySize=2703M
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-Djava.util.prefs.userRoot=/nexus-data/javaprefs
- name: NEXUS_SECURITY_RANDOMPASSWORD - name: NEXUS_SECURITY_RANDOMPASSWORD
value: "true" value: "true"
- equal: - equal:
@ -83,3 +88,26 @@ tests:
- name: nexus-repository-manager-data - name: nexus-repository-manager-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: RELEASE-NAME-nexus-repository-manager-data claimName: RELEASE-NAME-nexus-repository-manager-data
- equal:
path: spec.template.spec.securityContext
value:
fsGroup: 200
runAsGroup: 200
runAsUser: 200
- it: should use our simple values
template: deployment.yaml
set:
deploymentStrategy: my-strategy
imagePullSecrets:
- name: top-secret
asserts:
- hasDocuments:
count: 1
- equal:
path: spec.strategy.type
value: my-strategy
- equal:
path: spec.template.spec.imagePullSecrets
value:
- name: top-secret

102
nexus-repository-manager/tests/ingress_test.yaml
View File

@ -1,3 +1,4 @@
---
suite: ingress suite: ingress
templates: templates:
- ingress.yaml - ingress.yaml
@ -97,7 +98,105 @@ tests:
equal: equal:
path: metadata.name path: metadata.name
value: RELEASE-NAME-nexus-repository-manager value: RELEASE-NAME-nexus-repository-manager
- documentIndex: 0
equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: repo.demo
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: RELEASE-NAME-nexus-repository-manager
port:
number: 8081
- documentIndex: 1
equal:
path: metadata.name
value: RELEASE-NAME-nexus-repository-manager-docker-5000
- documentIndex: 1
equal:
path: spec
value:
ingressClassName: nginx
rules:
- host: docker.repo.demo
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: RELEASE-NAME-nexus-repository-manager-docker-5000
port:
number: 5000
tls:
- hosts:
- docker.repo.demo
secretName: registry-secret
- it: we can exclude ingressClassName for repo ingress and docker ingress
set:
ingress:
enabled: true
ingressClassName: {}
nexus:
docker:
enabled: true
registries:
- host: docker.repo.demo
port: 5000
secretName: registry-secret
asserts:
- hasDocuments:
count: 2
- isKind:
of: Ingress
- equal:
path: apiVersion
value: networking.k8s.io/v1
- equal:
path: metadata.labels.[app.kubernetes.io/instance]
value: RELEASE-NAME
- equal:
path: metadata.labels.[app.kubernetes.io/managed-by]
value: Helm
- matchRegex:
path: metadata.labels.[app.kubernetes.io/version]
pattern: \d+\.\d+\.\d+
- matchRegex:
path: metadata.labels.[helm.sh/chart]
pattern: nexus-repository-manager-\d+\.\d+\.\d+
- equal:
path: metadata.labels.[app.kubernetes.io/name]
value: nexus-repository-manager
- equal:
path: metadata.annotations
value:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
- documentIndex: 0
equal:
path: metadata.name
value: RELEASE-NAME-nexus-repository-manager
- documentIndex: 0
equal:
path: spec
value:
rules:
- host: repo.demo
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: RELEASE-NAME-nexus-repository-manager
port:
number: 8081
- documentIndex: 1 - documentIndex: 1
equal: equal:
path: metadata.name path: metadata.name
@ -119,9 +218,8 @@ tests:
number: 5000 number: 5000
tls: tls:
- hosts: - hosts:
- docker.repo.demo - docker.repo.demo
secretName: registry-secret secretName: registry-secret
- it: is disabled by default - it: is disabled by default
asserts: asserts:
- hasDocuments: - hasDocuments:

18
nexus-repository-manager/values.yaml
View File

@ -2,13 +2,16 @@
statefulset: statefulset:
# This is not supported # This is not supported
enabled: false enabled: false
# By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% . you can change type to `Recreate` or can uncomment `rollingUpdate` specification and adjust them to your usage.
deploymentStrategy: Recreate deploymentStrategy: Recreate
image: image:
# Sonatype Official Public Image # Sonatype Official Public Image
repository: sonatype/nexus3 repository: sonatype/nexus3
tag: 3.41.1 tag: 3.42.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
imagePullSecrets:
# for image registries that require login, specify the name of the existing
# kubernetes secret
# - name: <pull-secret-name>
nexus: nexus:
docker: docker:
@ -16,12 +19,17 @@ nexus:
# registries: # registries:
# - host: chart.local # - host: chart.local
# port: 5000 # port: 5000
# secretName: registrySecret # secretName: registry-secret
env: env:
# minimum recommended memory settings for a small, person instance from # minimum recommended memory settings for a small, person instance from
# https://help.sonatype.com/repomanager3/product-information/system-requirements # https://help.sonatype.com/repomanager3/product-information/system-requirements
- name: INSTALL4J_ADD_VM_PARAMS - name: INSTALL4J_ADD_VM_PARAMS
value: "-Xms2703M -Xmx2703M -XX:MaxDirectMemorySize=2703M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" value: |-
-Xms2703M -Xmx2703M
-XX:MaxDirectMemorySize=2703M
-XX:+UnlockExperimentalVMOptions
-XX:+UseCGroupMemoryLimitForHeap
-Djava.util.prefs.userRoot=/nexus-data/javaprefs
- name: NEXUS_SECURITY_RANDOMPASSWORD - name: NEXUS_SECURITY_RANDOMPASSWORD
value: "true" value: "true"
properties: properties:
@ -72,8 +80,6 @@ nexus:
# - "example.com" # - "example.com"
# - "www.example.com" # - "www.example.com"
imagePullSecrets: []
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""

4
nxrm-aws-resiliency/Chart.yaml
View File

@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/) # Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 41.1.3 version: 42.0.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to # incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using. # follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes. # It is recommended to use it with quotes.
appVersion: 3.41.1 appVersion: 3.42.0
keywords: keywords:
- artifacts - artifacts

92
nxrm-aws-resiliency/README.md
View File

@ -62,6 +62,98 @@ You will also need to complete the steps below. See the referenced AWS documenta
--- ---
## External-dns
This helm chart uses [external-dns](https://github.com/kubernetes-sigs/external-dns) to create 'A' records in AWS Route 53 for our [Docker subdomain feature](https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-subdomain-connector).
See the ```external-dns.alpha.kubernetes.io/hostname``` annotation in the dockerIngress resource in the values.yaml.
### Permissions for external-dns
Open a terminal that has connectivity to your EKS cluster and run the following commands:
```
cat <<'EOF' >> external-dns-r53-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:ListResourceRecordSets"
],
"Resource": [
"*"
]
}
]
}
EOF
aws iam create-policy --policy-name "AllowExternalDNSUpdates" --policy-document file://external-dns-r53-policy.json
POLICY_ARN=$(aws iam list-policies --query 'Policies[?PolicyName==`AllowExternalDNSUpdates`].Arn' --output text)
EKS_CLUSTER_NAME=<Your EKS Cluster Name>
aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text
eksctl utils associate-iam-oidc-provider --cluster $EKS_CLUSTER_NAME --approve
ACCOUNT_ID=$(aws sts get-caller-identity --query "Account" --output text)
OIDC_PROVIDER=$(aws eks describe-cluster --name $EKS_CLUSTER_NAME --query "cluster.identity.oidc.issuer" --output text | sed -e 's|^https://||')
```
Note: The value you assign to the 'EXTERNALDNS_NS' variable below should be the same as the one you specify in your values.yaml for namespaces.externaldnsNs
```
EXTERNALDNS_NS=nexus-externaldns
cat <<-EOF > externaldns-trust.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "arn:aws:iam::$ACCOUNT_ID:oidc-provider/$OIDC_PROVIDER"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
"$OIDC_PROVIDER:sub": "system:serviceaccount:${EXTERNALDNS_NS}:external-dns",
"$OIDC_PROVIDER:aud": "sts.amazonaws.com"
}
}
}
]
}
EOF
IRSA_ROLE="nexusrepo-external-dns-irsa-role"
aws iam create-role --role-name $IRSA_ROLE --assume-role-policy-document file://externaldns-trust.json
aws iam attach-role-policy --role-name $IRSA_ROLE --policy-arn $POLICY_ARN
ROLE_ARN=$(aws iam get-role --role-name $IRSA_ROLE --query Role.Arn --output text)
echo $ROLE_ARN
```
2. Take note of the ROLE_ARN outputted last above and specify it in your values.yaml for serviceAccount.externaldns.role
## Deployment ## Deployment
1. Add the sonatype repo to your helm: 1. Add the sonatype repo to your helm:
```helm repo add sonatype https://sonatype.github.io/helm3-charts/ ``` ```helm repo add sonatype https://sonatype.github.io/helm3-charts/ ```