nhyatt/nxrm3-helm-repository
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nxrm3-helm-repository/nxrm-aws-resiliency/README.md
Olu Shiyanbade 80cbc2c1b2 fix license
2022-08-25 19:16:06 +01:00

6.8 KiB
Raw Blame History

Helm Chart for a Resilient Nexus Repository Deployment in AWS

This Helm chart configures the Kubernetes resources that are needed for a resilient Nexus Repository deployment on AWS as described in our documented single-node cloud resilient deployment example using AWS.

Use the checklist below to determine if this Helm chart is suitable for your deployment needs.

When to Use This Helm Chart

Use this Helm chart if you are doing any of the following:

  • Deploying Nexus Repository Pro to an AWS cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region
  • Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region
  • Using an external PostgreSQL database

Note

: A Nexus Repository Pro license is required for our resilient deployment options. Your Nexus Repository Pro license file must be stored externally as mounted from AWS Secrets AWS (required).

Prerequisites for This Chart

In order to set up an environment like the one illustrated above and described in this section, you will need the following:

  • Kubernetes 1.19+
  • kubectl
  • Helm 3
  • A Nexus Repository Pro license
  • An AWS account with permissions for accessing the following AWS services:
    • Elastic Kubernetes Service (EKS)
    • Relational Database Service (RDS) for PostgreSQL
    • Application Load Balancer (ALB)
    • CloudWatch
    • Simple Storage Service (S3)
    • Secrets Manager

You will also need to complete the steps below. See the referenced AWS documentation for detailed configuration steps. Also see our resiliency documentation for more details about why these steps are necessary and how each AWS solution functions within a resilient deployment:

  1. Configure an EKS cluster - AWS documentation for managed nodes (i.e., EC2)
  2. Create an Aurora database cluster - AWS documentation for creating an Aurora database cluster
  3. Deploy the AWS Load Balancer Controller (LBC) to your EKS cluster - AWS documentation for deploying the AWS LBC to your EKS cluster
  4. Install AWS Secrets Store CSI drivers - You need to create an IAM service account using the eksctl create iamserviceaccount command. Before proceeding, read the points below as they contain important required steps to ensure this helm chart will work for you:
  • You must include two additional command parameters when running the command: --role-only and --namespace <nexusrepo namespace>
    • It is important to include the --role-only option in the eksctl create iamserviceaccount command so that the helm chart manages the Kubernetes service account.
  • The namespace you specify to the eksctl create iamserviceaccount must be the same namespace into which you will deploy the Nexus Repository pod.
    • Although the namespace does not exist at this point, you must specify it as part of the command. Do not create that namespace manually beforehand; the helm chart will create and manage it.
    • You should specify this same namespace as the value of nexusNs in your values.yaml.
  • Follow the instructions provided in the AWS Secrets Store CSI drivers documentation to install the AWS Secrets Store CSI drivers; ensure that you follow the additional instructions in the bullets above when you reach the eksctl create iamserviceaccount command on that page.
  1. Ensure that your EKS nodes are granted CloudWatchFullAccess and CloudWatchAgentServerPolicy IAM policies. This Helm chart will configure Fluentbit for log externalisation to CloudWatch.

Deployment

  1. Pull the nxrm-resiliency-aws-helmchart.
  2. Ensure you have updated your values.yaml with appropriate values for your environment.
  3. Install the chart using the following:

helm install nxrm nexus/nxrm-aws-resiliency --values values.yaml

  1. Get the Nexus Repository link using the following:

kubectl get ingresses -n nexusrepo

Health Check

You can use the following commands to perform various health checks:

See a list of releases:

helm list

Check pods using the following:

kubectl get pods -n nexusrepo

Check the Nexus Repository logs with the following:

kubectl logs <pod_name> -n nexusrepo nxrm-app

Check if the pod is OK by using the following; you shouldn't see any error/warning messages:

kubectl describe pod <pod_name> -n nexusrepo

Check if ingress is OK using the following:

kubectl describe ingress <ingress_name> -n nexusrepo

Check that the Fluent Bit pod is sending events to CloudWatch using the following:

kubectl logs -n amazon-cloudwatch <fluent-bit pod id>

If the above returns without error, then check CloudWatch for the /aws/containerinsights/<eks cluster name>/nexus-logs log group, which should contain four log streams.

Uninstall

To uninstall the deployment, use the following:

helm uninstall nxrm

After removing the deployment, ensure that the namespace is deleted and that Nexus Repository is not listed when using the following:

helm list