Skip to content

D
Demo Infra Nexus
Commit a4bae91e authored by João Lino's avatar João Lino
Browse files
Options

Add fork from https://github.com/Oteemo/charts/tree/master/charts/sonatype-nexus with minor tweaks.

parents
Show whitespace changes
Inline Side-by-side
Showing with 1368 additions and 0 deletions
.gitignore 0 → 100644
View file @ a4bae91e
##LDE specific
.project
*.iml
*.idea
.helmignore 0 → 100644
View file @ a4bae91e
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# OWNERS file for Kubernetes
OWNERS
*.tar
Chart.yaml 0 → 100644
View file @ a4bae91e
apiVersion: v1
name: sonatype-nexus
version: 2.0.0
appVersion: 3.21.2
description: Sonatype Nexus is an open source repository manager
keywords:
- artifacts
- dependency
- management
- sonatype
- nexus
- repository
home: https://www.sonatype.com/nexus-repository-oss
icon: http://www.sonatype.org/nexus/content/uploads/2015/06/Nexus-Logo.jpg
sources:
- https://github.com/sonatype/nexus-public
- https://github.com/travelaudience/docker-nexus
- https://github.com/travelaudience/kubernetes-nexus
- https://github.com/travelaudience/docker-nexus-backup
maintainers:
- name: rjkernick
email: rjkernick@gmail.com
- name: tsiddique
email: tsiddique@live.com
OWNERS 0 → 100644
View file @ a4bae91e
approvers:
- rjkernick
- tsiddique
reviewers:
- rjkernick
- tsiddique
README.md 0 → 100644
View file @ a4bae91e
# Nexus
[Nexus OSS](https://www.sonatype.com/nexus-repository-oss) is a free open source repository manager. It supports a wide range of package formats and it's used by hundreds of tech companies.
## Introduction
This chart bootstraps a Nexus OSS deployment on a cluster using Helm.
This setup is best configured in [GCP](https://cloud.google.com/) since:
- [google cloud storage](https://cloud.google.com/storage/) is used for backups
- [GCE Ingress controller](https://github.com/kubernetes/ingress/blob/master/docs/faq/gce.md) is used for using a pre-allocated static IP in GCE.
There is also the option of using a [proxy for Nexus](https://github.com/travelaudience/nexus-proxy) that authenticates Nexus against an external identity provider (only GCP IAM at the moment) which is **disabled** by default.
## Prerequisites
- Kubernetes 1.8+ with Beta APIs enabled
- PV provisioner support in the underlying infrastructure
- [Fulfill Nexus kubernetes requirements](https://github.com/travelaudience/kubernetes-nexus#pre-requisites)
### With GCP IAM enabled
All the [Prerequisites](#Prerequisites) should be in place, plus:
- [Fulfill GCP IAM requirements](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus-proxy.md#pre-requisites)
## Testing the Chart
To test the chart:
```bash
$ helm install --dry-run --debug ./
```
To test the chart with your own values:
```bash
$ helm install --dry-run --debug -f my_values.yaml ./
```
## Installing the Chart
To install the chart:
```bash
$ helm install oteemo.github.io/charts/sonatype-nexus
```
The above command deploys Nexus on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.
The default login is admin/admin123
## Uninstalling the Chart
To uninstall/delete the deployment:
```bash
$ helm list
NAME REVISION UPDATED STATUS CHART NAMESPACE
plinking-gopher 1 Fri Sep 1 13:19:50 2017 DEPLOYED sonatype-nexus-0.1.0 default
$ helm delete plinking-gopher
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Official Nexus image vs TravelAudience
There are known issues with backups on the official image. If you want to swap in the official image, just override the values when installing the chart. Please note that backups will not work as expected with the official image.
* [https://issues.sonatype.org/browse/NEXUS-23442](https://issues.sonatype.org/browse/NEXUS-23442)
* [https://github.com/travelaudience/docker-nexus](https://github.com/travelaudience/docker-nexus)
## Configuration
The following table lists the configurable parameters of the Nexus chart and their default values.
| Parameter | Description | Default |
| ------------------------------------------ | ---------------------------------- | ----------------------------------------|
| `statefulset.enabled` | Use statefulset instead of deployment | `false` |
| `replicaCount` | Number of Nexus service replicas | `1` |
| `deploymentStrategy` | Deployment Strategy | `rollingUpdate` |
| `nexus.imageName` | Nexus image | `quay.io/travelaudience/docker-nexus` |
| `nexus.imageTag` | Version of Nexus | `3.21.2-03` |
| `nexus.imagePullPolicy` | Nexus image pull policy | `IfNotPresent` |
| `nexus.imagePullSecret` | Secret to download Nexus image from private registry | `nil` |
| `nexus.env` | Nexus environment variables | `[{install4jAddVmParams: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` |
| `nexus.resources` | Nexus resource requests and limits | `{}` |
| `nexus.dockerPort` | Port to access docker | `5003` |
| `nexus.nexusPort` | Internal port for Nexus service | `8081` |
| `nexus.service.type` | Service for Nexus |`CluserIP` |
| `nexus.service.clusterIp` | Specific cluster IP when service type is cluster IP. Use None for headless service |`nil` |
| `nexus.securityContextEnabled` | Security Context (for enabling official image use `fsGroup: 200`) | `{}` |
| `nexus.labels` | Service labels | `{}` |
| `nexus.podAnnotations` | Pod Annotations | `{}`
| `nexus.livenessProbe.initialDelaySeconds` | LivenessProbe initial delay | 30 |
| `nexus.livenessProbe.periodSeconds` | Seconds between polls | 30 |
| `nexus.livenessProbe.failureThreshold` | Number of attempts before failure | 6 |
| `nexus.livenessProbe.timeoutSeconds` | Time in seconds after liveness probe times out | `nil` |
| `nexus.livenessProbe.path` | Path for LivenessProbe | / |
| `nexus.readinessProbe.initialDelaySeconds` | ReadinessProbe initial delay | 30 |
| `nexus.readinessProbe.periodSeconds` | Seconds between polls | 30 |
| `nexus.readinessProbe.failureThreshold` | Number of attempts before failure | 6 |
| `nexus.readinessProbe.timeoutSeconds` | Time in seconds after readiness probe times out | `nil` |
| `nexus.readinessProbe.path` | Path for ReadinessProbe | / |
| `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] |
| `nexusProxy.enabled` | Enable nexus proxy | `true` |
| `nexusProxy.svcName` | Nexus proxy service name | `nil` |
| `nexusProxy.targetPort` | Container Port for Nexus proxy | `8080` |
| `nexusProxy.port` | Port for exposing Nexus | `8080` |
| `nexusProxy.imageName` | Proxy image | `quay.io/travelaudience/docker-nexus-proxy` |
| `nexusProxy.imageTag` | Proxy image version | `2.6.0` |
| `nexusProxy.imagePullPolicy` | Proxy image pull policy | `IfNotPresent` |
| `nexusProxy.resources` | Proxy resource requests and limits | `{}` |
| `nexusProxy.env.nexusHttpHost` | Nexus url to access Nexus | `nil` |
| `nexusProxy.env.nexusDockerHost` | Containers url to be used with docker | `nil` |
| `nexusProxy.env.enforceHttps` | Allow only https access or not | `false` |
| `nexusProxy.env.cloudIamAuthEnabled` | Enable GCP IAM authentication in Nexus proxy | `false` |
| `nexusProxyRoute.enabled` | Set to true to create route for additional service | `false` |
| `nexusProxyRoute.labels` | Labels to be added to proxy route | `{}` |
| `nexusProxyRoute.annotations` | Annotations to be added to proxy route | `{}` |
| `nexusProxyRoute.path` | Host name of Route e.g jenkins.example.com | nil |
| `persistence.enabled` | Create a volume for storage | `true` |
| `persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |
| `persistence.storageClass` | Storage class of Nexus PVC | `nil` |
| `persistence.storageSize` | Size of Nexus data volume | `8Gi` |
| `persistence.annotations` | Persistent Volume annotations | `{}` |
| `persistence.existingClaim` | Existing PVC name | `nil` |
| `nexusBackup.enabled` | Nexus backup process | `false` |
| `nexusBackup.imageName` | Nexus backup image | `quay.io/travelaudience/docker-nexus-backup` |
| `nexusBackup.imageTag` | Nexus backup image version | `1.5.0` |
| `nexusBackup.imagePullPolicy` | Backup image pull policy | `IfNotPresent` |
| `nexusBackup.env.targetBucket` | Required if `nexusBackup` is enabled. Google Cloud Storage bucker for backups format `gs://BACKUP_BUCKET` | `nil` |
| `nexusBackup.nexusAdminPassword` | Nexus admin password used by the backup container to access Nexus API. This password should match the one that gets chosen by the user to replace the default admin password after the first login | `admin123` |
| `nexusBackup.persistence.enabled` | Create a volume for backing Nexus configuration | `true` |
| `nexusBackup.persistence.accessMode` | ReadWriteOnce or ReadOnly | `ReadWriteOnce` |
| `nexusBackup.persistence.storageClass` | Storage class of Nexus backup PVC | `nil` |
| `nexusBackup.persistence.storageSize` | Size of Nexus backup data volume | `8Gi` |
| `nexusBackup.persistence.annotations` | PV annotations for backup | `{}` |
| `nexusBackup.persistence.existingClaim` | Existing PVC name for backup | `nil` |
| `nexusBackup.resources` | Backup resource requests and limits | `{}` |
| `ingress.enabled` | Create an ingress for Nexus | `false` |
| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` |
| `ingress.tls.enabled` | Enable TLS | `true` |
| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` |
| `ingress.path` | Path for ingress rules. GCP users should set to `/*` | `/` |
| `tolerations` | tolerations list | `[]` |
| `config.enabled` | Enable configmap | `false` |
| `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` |
| `config.data` | Configmap data | `nil` |
| `deployment.annotations` | Annotations to enhance deployment configuration | `{}` |
| `deployment.initContainers` | Init containers to run before main containers | `nil` |
| `deployment.postStart.command` | Command to run after starting the nexus container | `nil` |
| `deployment.additionalContainers` | Add additional Container | `nil` |
| `deployment.additionalVolumes` | Add additional Volumes | `nil` |
| `deployment.additionalVolumeMounts` | Add additional Volume mounts | `nil` |
| `secret.enabled` | Enable secret | `false` |
| `secret.mountPath` | Path to mount the secret | `/etc/secret-volume` |
| `secret.readOnly` | Secret readonly state | `true` |
| `secret.data` | Secret data | `nil` |
| `service.enabled` | Enable additional service | `nil` |
| `service.name` | Service name | `nil` |
| `service.portName` | Service port name | `nil` |
| `service.labels` | Service labels | `nil` |
| `service.annotations` | Service annotations | `nil` |
| `service.loadBalancerSourceRanges` | Service LoadBalancer source IP whitelist | `nil` |
| `service.targetPort` | Service port | `nil` |
| `service.port` | Port for exposing service | `nil` |
| `serviceAccount.create` | Automatically create a service account | `true` |
| `serviceAccount.name` | Service account to use | `nil` |
| `serviceAccount.annotations` | Service account annotations | `nil` |
| `route.enabled` | Set to true to create route for additional service | `false` |
| `route.name` | Name of route | `docker` |
| `route.portName` | Target port name of service | `docker` |
| `route.labels` | Labels to be added to route | `{}` |
| `route.annotations` | Annotations to be added to route | `{}` |
| `route.path` | Host name of Route e.g jenkins.example.com | nil |
If `nexusProxy.env.cloudIamAuthEnabled` is set to `true` the following variables need to be configured
| Parameter | Description | Default |
| ----------------------------- | ---------------------------------- | ---------------------------------------------------- |
| `nexusProxy.env.clientId` | GCP OAuth client ID | `nil` |
| `nexusProxy.env.clientSecret` | GCP OAuth client Secret | `nil` |
| `nexusProxy.env.organizationId` | GCP organization ID | `nil` |
| `nexusProxy.env.redirectUrl` | OAuth callback url. example `https://nexus.example.com/oauth/callback` | `nil` |
| `nexusProxy.env.requiredMembershipVerification` | Whether users presenting valid JWT tokens must still be verified for membership within the GCP organization. | `true` |
| `nexusProxy.secrets.keystore` | base-64 encoded value of the keystore file needed for the proxy to sign user tokens. Example: cat keystore.jceks | base64 | `nil` |
| `nexusProxy.secrets.password` | Password to the Java Keystore file | `nil` |
```bash
$ helm install --name my-release --set persistence.enabled=false stable/sonatype-nexus
```
The above example turns off the persistence. Data will not be kept between restarts or deployments
Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
```bash
$ helm install --name my-release -f my-values.yaml stable/sonatype-nexus
```
### Persistence
By default a PersistentVolumeClaim is created and mounted into the `/nexus-data` directory. In order to disable this functionality
you can change the `values.yaml` to disable persistence which will use an `emptyDir` instead.
> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."*
You must enable StatefulSet (`statefulset.enabled=true`) for true data persistence. If using Deployment approach, you can not recover data after restart or delete of helm chart. Statefulset will make sure that it picks up the same old volume which was used by the previous life of the nexus pod, helping you recover your data. When enabling statefulset, its required to enable the persistence.
### Recommended settings
As a minimum for running in production, the following settings are advised:
```yaml
nexusProxy:
env:
nexusDockerHost: container.example.com
nexusHttpHost: nexus.example.com
nexusBackup:
env:
targetBucket: "gs://my-nexus-backup"
persistence:
storageClass: standard
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: gce
kubernetes.io/tls-acme: true
persistence:
storageClass: standard
storageSize: 1024Gi
resources:
requests:
cpu: 250m
# Based on https://support.sonatype.com/hc/en-us/articles/115006448847#mem
# and https://twitter.com/analytically/status/894592422382063616:
# Xms == Xmx
# Xmx <= 4G
# MaxDirectMemory >= 2G
# Xmx + MaxDirectMemory <= RAM * 2/3 (hence the request for 4800Mi)
# MaxRAMFraction=1 is not being set as it would allow the heap
# to use all the available memory.
memory: 4800Mi
```
## After Installing the Chart
After installing the chart a couple of actions need still to be done in order to use nexus. Please follow the instructions below.
### Nexus Configuration
The following steps need to be executed in order to use Nexus:
- [Configure Nexus](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus.md)
- [Configure Backups](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus.md#configure-backup)
and if GCP IAM authentication is enabled, please also check:
- [Enable GCP IAM authentication in Nexus ](https://github.com/travelaudience/kubernetes-nexus/blob/master/docs/admin/configuring-nexus-proxy.md#enable-gcp-iam-auth)
### Nexus Usage
To see how to use Nexus with different tools like Docker, Maven, Python, and so on please check:
- [Nexus Usage](https://github.com/travelaudience/kubernetes-nexus#usage)
### Disaster Recovery
In a disaster recovery scenario, the latest backup made by the nexus-backup container should be restored. In order to achieve this please follow the procedure described below:
- [Restore Backups](https://github.com/travelaudience/kubernetes-nexus#restore)
demo-infra-nexus-install.sh 0 → 100644
View file @ a4bae91e
#!/bin/sh
__is_pod_ready() {
POD_STATUS="False"
while [ "$POD_STATUS" != "True" ];
do
echo "waiting for pod..."
sleep 5
POD_STATUS=$(kubectl get pods --namespace demo-infra -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=demo-infra-nexus" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')
done
}
# install nexus
helm install -f values.yaml --namespace demo-infra --kubeconfig ~/.kube/config demo-infra-nexus oteemo.github.io/charts/sonatype-nexus
# wait for it to become ready
__is_pod_ready
# print admin password
#export JENKINS_PASS=$(kubectl get secret --namespace demo-infra demo-infra-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode)
echo "HOST: http://192.168.1.194:8180 USERNAME: admin PASSWORD: admin123"
# expose
export POD_NAME=$(kubectl get pods --namespace demo-infra -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=demo-infra-jenkins" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace demo-infra port-forward $POD_NAME 8180:8080 --address 0.0.0.0 &
demo-infra-nexus-uninstall.sh 0 → 100644
View file @ a4bae91e
#!/bin/sh
# use helm for uninstall
helm uninstall --namespace demo-infra --kubeconfig ~/.kube/config demo-infra-jenkins
templates/NOTES.txt 0 → 100644
View file @ a4bae91e
1. To access Nexus:
NOTE: It may take a few minutes for the ingress load balancer to become available or the backends to become HEALTHY.
You can watch the status of the backends by running:
`kubectl get ingress -o jsonpath='{.items[*].metadata.annotations.ingress\.kubernetes\.io/backends}'`
To access Nexus you can check:
{{- if .Values.nexusProxy.env.enforceHttps }}
https://{{ .Values.nexusProxy.env.nexusHttpHost }}
{{- else }}
http://{{ .Values.nexusProxy.env.nexusHttpHost }}
{{- end }}
2. Login with the following credentials
username: admin
password: {{ .Values.nexusBackup.nexusAdminPassword }}
3. Change Your password after the first login
{{- if .Values.nexusBackup.enabled }}
Once you login you should change your admin password to match the value of `nexusBackup.env.nexusAdminPassword`
This is important for security reasons and also because backup container needs this password set for admin user
to access Nexus API to run backups.
{{- end }}
4. Next steps in configuration
Please follow the link below to the README for nexus configuration, usage, backups and DR info:
https://github.com/helm/charts/tree/master/stable/sonatype-nexus#after-installing-the-chart
templates/_helpers.tpl 0 → 100644
View file @ a4bae91e
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nexus.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nexus.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nexus.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified name for proxy keystore secret.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "nexus.proxy-ks.name" -}}
{{- printf "%s-%s" (include "nexus.fullname" .) "proxy-ks" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* Manage the labels for each entity */}}
{{- define "nexus.labels" -}}
app: {{ template "nexus.name" . }}
fullname: {{ template "nexus.fullname" . }}
chart: {{ template "nexus.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end -}}
templates/backup-pv.yaml 0 → 100644
View file @ a4bae91e
{{- if not .Values.statefulset.enabled }}
{{- if .Values.nexusBackup.persistence.pdName -}}
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.nexusBackup.persistence.pdName }}
labels:
{{ include "nexus.labels" . | indent 4 }}
spec:
capacity:
storage: {{ .Values.nexusBackup.persistence.storageSize }}
accessModes:
- ReadWriteOnce
claimRef:
name: {{ template "nexus.fullname" . }}-backup
namespace: {{ .Release.Namespace }}
gcePersistentDisk:
pdName: {{ .Values.nexusBackup.persistence.pdName }}
fsType: {{ .Values.nexusBackup.persistence.fsType }}
{{- end }}
{{- end }}
templates/backup-pvc.yaml 0 → 100644
View file @ a4bae91e
{{- if not .Values.statefulset.enabled }}
{{- if and .Values.nexusBackup.persistence.enabled (not .Values.nexusBackup.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "nexus.fullname" . }}-backup
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexusBackup.persistence.annotations }}
annotations:
{{ toYaml .Values.nexusBackup.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.nexusBackup.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.nexusBackup.persistence.storageSize | quote }}
{{- if .Values.nexusBackup.persistence.storageClass }}
{{- if (eq "-" .Values.nexusBackup.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nexusBackup.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
templates/backup-secret.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.nexusBackup.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.fullname" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
type: Opaque
data:
nexus.nexusAdminPassword: {{ printf "%s%s" "Basic " (printf "%s%s" "admin:" .Values.nexusBackup.nexusAdminPassword | b64enc) | cat | b64enc | quote }}
{{- end }}
templates/configmap.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.config.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "nexus.name" . }}-conf
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
data:
{{ toYaml .Values.config.data | indent 2 }}
{{- end }}
\ No newline at end of file
templates/deployment-statefulset.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.statefulset.enabled }}
apiVersion: apps/v1
kind: StatefulSet
{{- else }}
apiVersion: apps/v1
kind: Deployment
{{- end }}
metadata:
name: {{ template "nexus.fullname" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
{{- if .Values.deployment.annotations }}
annotations:
{{ toYaml .Values.deployment.annotations | indent 4 }}
{{- end }}
spec:
replicas: {{ .Values.replicaCount }}
{{- if .Values.statefulset.enabled }}
{{- if .Values.nexusProxy.svcName }}
serviceName: {{ .Values.nexusProxy.svcName }}
{{- else }}
serviceName: {{ template "nexus.fullname" . }}
{{- end }}
{{- end }}
{{- if .Values.deploymentStrategy }}
strategy:
{{ toYaml .Values.deploymentStrategy | indent 4 }}
{{- end }}
selector:
matchLabels:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
template:
metadata:
{{- if .Values.nexus.podAnnotations }}
annotations:
{{ toYaml .Values.nexus.podAnnotations | indent 8}}
{{- end }}
labels:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
spec:
{{- if .Values.deployment.initContainers }}
initContainers:
{{ toYaml .Values.deployment.initContainers | indent 6 }}
{{- end }}
{{- if .Values.nexus.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nexus.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.nexus.hostAliases }}
hostAliases:
{{ toYaml .Values.nexus.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.nexus.imagePullSecret }}
imagePullSecrets:
- name: {{ .Values.nexus.imagePullSecret }}
{{- end }}
{{- if .Values.serviceAccount.create }}
serviceAccountName: {{ template "nexus.fullname" . }}
{{- else }}
serviceAccountName: {{ .Values.serviceAccount.name | quote }}
{{- end }}
{{- if .Values.nexus.priorityClassName }}
priorityClassName: {{ .Values.nexus.priorityClassName }}
{{- end }}
containers:
- name: nexus
image: {{ .Values.nexus.imageName }}:{{ .Values.nexus.imageTag }}
imagePullPolicy: {{ .Values.nexus.imagePullPolicy }}
{{- if .Values.deployment.postStart.command }}
lifecycle:
postStart:
exec:
command: {{ .Values.deployment.postStart.command }}
{{- end }}
env:
{{ toYaml .Values.nexus.env | indent 12 }}
resources:
{{ toYaml .Values.nexus.resources | indent 12 }}
ports:
- containerPort: {{ .Values.nexus.dockerPort }}
name: nexus-docker-g
- containerPort: {{ .Values.nexus.nexusPort }}
name: nexus-http
livenessProbe:
httpGet:
path: {{ .Values.nexus.livenessProbe.path }}
port: {{ .Values.nexus.nexusPort }}
initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }}
{{- if .Values.nexus.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }}
{{- end }}
readinessProbe:
httpGet:
path: {{ .Values.nexus.readinessProbe.path }}
port: {{ .Values.nexus.nexusPort }}
initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }}
{{- if .Values.nexus.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }}
{{- end }}
volumeMounts:
- mountPath: /nexus-data
name: {{ template "nexus.fullname" . }}-data
- mountPath: /nexus-data/backup
name: {{ template "nexus.fullname" . }}-backup
{{- if .Values.config.enabled }}
- mountPath: {{ .Values.config.mountPath }}
name: {{ template "nexus.name" . }}-conf
{{- end }}
{{- if .Values.secret.enabled }}
- mountPath: {{ .Values.secret.mountPath }}
name: {{ template "nexus.name" . }}-secret
readOnly: {{ .Values.secret.readOnly }}
{{- end }}
{{- if .Values.deployment.additionalVolumeMounts}}
{{ toYaml .Values.deployment.additionalVolumeMounts | indent 12 }}
{{- end }}
{{- if .Values.nexusProxy.enabled }}
- name: nexus-proxy
image: {{ .Values.nexusProxy.imageName }}:{{ .Values.nexusProxy.imageTag }}
resources:
{{ toYaml .Values.nexusProxy.resources | indent 12 }}
imagePullPolicy: {{ .Values.nexusProxy.imagePullPolicy }}
env:
- name: ALLOWED_USER_AGENTS_ON_ROOT_REGEX
value: "GoogleHC"
- name: CLOUD_IAM_AUTH_ENABLED
value: {{ .Values.nexusProxy.env.cloudIamAuthEnabled | quote }}
- name: BIND_PORT
value: {{ .Values.nexusProxy.targetPort | quote }}
- name: ENFORCE_HTTPS
value: {{ .Values.nexusProxy.env.enforceHttps | quote }}
- name: NEXUS_DOCKER_HOST
value: {{ .Values.nexusProxy.env.nexusDockerHost | quote }}
- name: NEXUS_HTTP_HOST
value: {{ .Values.nexusProxy.env.nexusHttpHost | quote }}
- name: UPSTREAM_DOCKER_PORT
value: {{ .Values.nexus.dockerPort | quote }}
- name: UPSTREAM_HTTP_PORT
value: {{ .Values.nexus.nexusPort | quote }}
- name: UPSTREAM_HOST
value: "localhost"
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
- name: NEXUS_RUT_HEADER
value: "X-Forwarded-User"
- name: CLIENT_ID
value: {{ .Values.nexusProxy.env.clientId | quote }}
- name: CLIENT_SECRET
value: {{ .Values.nexusProxy.env.clientSecret | quote }}
- name: ORGANIZATION_ID
value: {{ .Values.nexusProxy.env.organizationId | quote }}
- name: REDIRECT_URL
value: {{ .Values.nexusProxy.env.redirectUrl | quote }}
- name: KEYSTORE_PASS
valueFrom:
secretKeyRef:
name: {{ template "nexus.proxy-ks.name" . }}
key: password
- name: KEYSTORE_PATH
value: "/nexus-proxy-ks/keystore"
- name: AUTH_CACHE_TTL
value: "60000"
- name: SESSION_TTL
value: "86400000"
- name: JWT_REQUIRES_MEMBERSHIP_VERIFICATION
value: {{ .Values.nexusProxy.env.requiredMembershipVerification | quote }}
{{- end }}
ports:
- containerPort: {{ .Values.nexusProxy.targetPort }}
name: nexus-proxy
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
volumeMounts:
- mountPath: /nexus-proxy-ks
name: {{ template "nexus.proxy-ks.name" . }}
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.nexusBackup.enabled }}
- name: nexus-backup
image: {{ .Values.nexusBackup.imageName }}:{{ .Values.nexusBackup.imageTag }}
imagePullPolicy: {{ .Values.nexusBackup.imagePullPolicy }}
resources:
{{ toYaml .Values.nexusBackup.resources | indent 12 }}
env:
- name: NEXUS_AUTHORIZATION
valueFrom:
secretKeyRef:
key: nexus.nexusAdminPassword
name: {{ template "nexus.fullname" . }}
- name: NEXUS_BACKUP_DIRECTORY
value: /nexus-data/backup
- name: NEXUS_DATA_DIRECTORY
value: /nexus-data
- name: NEXUS_LOCAL_HOST_PORT
value: "localhost:{{ .Values.nexus.nexusPort }}"
- name: OFFLINE_REPOS
value: "maven-central maven-public maven-releases maven-snapshots"
- name: TARGET_BUCKET
value: {{ .Values.nexusBackup.env.targetBucket | quote }}
- name: GRACE_PERIOD
value: "60"
- name: TRIGGER_FILE
value: .backup
volumeMounts:
- mountPath: /nexus-data
name: {{ template "nexus.fullname" . }}-data
- mountPath: /nexus-data/backup
name: {{ template "nexus.fullname" . }}-backup
{{- end }}
{{- if .Values.deployment.additionalContainers }}
{{ toYaml .Values.deployment.additionalContainers | indent 8 }}
{{- end }}
{{- if .Values.nexus.securityContextEnabled }}
securityContext:
{{ toYaml .Values.nexus.securityContext | indent 8 }}
{{- end }}
volumes:
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
- name: {{ template "nexus.proxy-ks.name" . }}
secret:
secretName: {{ template "nexus.proxy-ks.name" . }}
{{- end }}
{{- if .Values.statefulset.enabled }}
{{- if not .Values.persistence.enabled }}
- name: {{ template "nexus.fullname" . }}-data
emptyDir: {}
{{- end }}
{{- if not .Values.nexusBackup.persistence.enabled }}
- name: {{ template "nexus.fullname" . }}-backup
emptyDir: {}
{{- end }}
{{- else }}
- name: {{ template "nexus.fullname" . }}-data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }}
{{- else }}
emptyDir: {}
{{- end }}
- name: {{ template "nexus.fullname" . }}-backup
{{- if .Values.nexusBackup.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.nexusBackup.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "backup") }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}
{{- if .Values.config.enabled }}
- name: {{ template "nexus.name" . }}-conf
configMap:
name: {{ template "nexus.name" . }}-conf
{{- end }}
{{- if .Values.secret.enabled }}
- name: {{ template "nexus.name" . }}-secret
secret:
secretName: {{ template "nexus.name" . }}-secret
{{- end }}
{{- if .Values.deployment.additionalVolumes }}
{{ toYaml .Values.deployment.additionalVolumes | indent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{ toYaml . | indent 8 }}
{{- end }}
## create pvc in case of statefulsets
{{- if .Values.statefulset.enabled }}
volumeClaimTemplates:
{{- if .Values.persistence.enabled }}
- metadata:
name: {{ template "nexus.fullname" . }}-data
labels:
{{ include "nexus.labels" . | indent 10 }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.storageSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.nexusBackup.persistence.enabled }}
- metadata:
name: {{ template "nexus.fullname" . }}-backup
labels:
{{ include "nexus.labels" . | indent 10 }}
{{- if .Values.nexusBackup.persistence.annotations }}
annotations:
{{ toYaml .Values.nexusBackup.persistence.annotations | indent 10 }}
{{- end }}
spec:
accessModes:
- {{ .Values.nexusBackup.persistence.accessMode }}
resources:
requests:
storage: {{ .Values.nexusBackup.persistence.storageSize | quote }}
{{- if .Values.nexusBackup.persistence.storageClass }}
{{- if (eq "-" .Values.nexusBackup.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.nexusBackup.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
templates/ingress.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.ingress.enabled -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ template "nexus.fullname" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- range $key, $value := .Values.ingress.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
rules:
{{- if .Values.nexusProxy.env.nexusHttpHost }}
- host: {{ .Values.nexusProxy.env.nexusHttpHost }}
http:
paths:
- backend:
{{- if .Values.nexusProxy.svcName }}
serviceName: {{ .Values.nexusProxy.svcName }}
{{- else }}
serviceName: {{ template "nexus.fullname" . }}
{{- end }}
{{- if .Values.nexusProxy.enabled }}
servicePort: {{ .Values.nexusProxy.port }}
{{- else }}
servicePort: {{ .Values.nexus.nexusPort }}
{{- end }}
path: {{ .Values.ingress.path }}
{{- end }}
{{- if .Values.nexusProxy.enabled -}}
{{- if .Values.nexusProxy.env.nexusDockerHost }}
- host: {{ .Values.nexusProxy.env.nexusDockerHost }}
http:
paths:
- backend:
{{- if .Values.nexusProxy.svcName }}
serviceName: {{ .Values.nexusProxy.svcName }}
{{- else }}
serviceName: {{ template "nexus.fullname" . }}
{{- end }}
servicePort: {{ .Values.nexusProxy.port }}
path: {{ .Values.ingress.path }}
{{- end }}
{{- end -}}
{{- with .Values.ingress.rules }}
{{- toYaml . | nindent 4 }}
{{- end -}}
{{- if .Values.ingress.tls.enabled }}
tls:
- hosts:
{{- if .Values.nexusProxy.env.nexusHttpHost }}
- {{ .Values.nexusProxy.env.nexusHttpHost }}
{{- end }}
{{- if .Values.nexusProxy.env.nexusDockerHost }}
- {{ .Values.nexusProxy.env.nexusDockerHost }}
{{- end }}
{{- if .Values.ingress.tls.secretName }}
secretName: {{ .Values.ingress.tls.secretName | quote }}
{{- end }}
{{- end -}}
{{- end }}
templates/proxy-ks-secret.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.proxy-ks.name" . }}
labels:
{{ include "nexus.labels" . | indent 4 }}
type: Opaque
data:
keystore: {{ .Values.nexusProxy.secrets.keystore }}
password: {{ .Values.nexusProxy.secrets.password | b64enc }}
{{- end}}
templates/proxy-route.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.nexusProxyRoute.enabled }}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ template "nexus.fullname" . }}
labels: {{ .Values.nexusProxyRoute.labels }}
annotations:
{{- range $key, $value := .Values.nexusProxyRoute.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
host: {{ .Values.nexusProxyRoute.path }}
port:
{{- if .Values.nexusProxy.svcName }}
targetPort: {{ .Values.nexusProxy.svcName }}
{{- else }}
targetPort: {{ template "nexus.fullname" . }}
{{- end }}
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
{{- if .Values.nexusProxy.svcName }}
name: {{ .Values.nexusProxy.svcName }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
weight: 100
wildcardPolicy: None
{{- end }}
templates/proxy-svc.yaml 0 → 100644
View file @ a4bae91e
{{- if or .Values.nexusProxy.enabled .Values.ingress.enabled }}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.nexusProxy.svcName }}
name: {{ .Values.nexusProxy.svcName }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
{{- if .Values.nexusProxy.labels }}
{{ toYaml .Values.nexusProxy.labels | indent 4 }}
{{- end }}
{{- if .Values.nexus.annotations }}
annotations:
{{ toYaml .Values.nexus.annotations | indent 4 }}
{{- end }}
spec:
ports:
{{- if .Values.nexusProxy.enabled }}
- port: {{ .Values.nexusProxy.port }}
{{- else }}
- port: {{ .Values.nexus.nexusPort }}
{{- end }}
{{- if .Values.nexusProxy.svcName }}
name: {{ .Values.nexusProxy.svcName }}
{{- else }}
name: {{ template "nexus.fullname" . }}
{{- end }}
protocol: TCP
{{- if .Values.nexusProxy.enabled }}
targetPort: {{ .Values.nexusProxy.targetPort }}
{{- else }}
targetPort: {{ .Values.nexus.nexusPort }}
{{- end }}
selector:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
type: {{ .Values.nexus.service.type }}
{{- if and (eq .Values.nexus.service.type "ClusterIP") .Values.nexus.service.clusterIP }}
clusterIP: {{ .Values.nexus.service.clusterIP }}
{{- end }}
{{- end }}
templates/pv.yaml 0 → 100644
View file @ a4bae91e
{{- if not .Values.statefulset.enabled }}
{{- if .Values.persistence.pdName -}}
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.persistence.pdName }}
labels:
{{ include "nexus.labels" . | indent 4 }}
spec:
capacity:
storage: {{ .Values.persistence.storageSize }}
accessModes:
- ReadWriteOnce
claimRef:
namespace: {{ .Release.Namespace }}
name: {{ template "nexus.fullname" . }}-data
gcePersistentDisk:
pdName: {{ .Values.persistence.pdName }}
fsType: {{ .Values.persistence.fsType }}
{{- end }}
{{- end }}
templates/pvc.yaml 0 → 100644
View file @ a4bae91e
{{- if not .Values.statefulset.enabled }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "nexus.fullname" . }}-data
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.storageSize | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
templates/route.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.route.enabled }}
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: {{ .Values.route.name }}
labels: {{ .Values.route.labels }}
annotations:
{{- range $key, $value := .Values.route.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
host: {{ .Values.route.path }}
port:
targetPort: {{ .Values.service.portName }}
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
{{- if .Values.service.name }}
name: {{ .Values.service.name }}
{{- else }}
name: {{ template "nexus.name" . }}-service
{{- end }}
weight: 100
wildcardPolicy: None
status:
ingress: []
{{- end }}
templates/secret.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.secret.enabled -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "nexus.name" . }}-secret
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.nexus.labels }}
{{ toYaml .Values.nexus.labels | indent 4 }}
{{- end }}
data:
{{ toYaml .Values.secret.data | indent 2 }}
{{- end}}
templates/service.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.service.enabled -}}
apiVersion: v1
kind: Service
metadata:
{{- if .Values.service.name }}
name: {{ .Values.service.name }}
{{- else }}
name: {{ template "nexus.name" . }}-service
{{- end }}
labels:
{{ include "nexus.labels" . | indent 4 }}
{{- if .Values.service.labels }}
{{ toYaml .Values.service.labels | indent 4 }}
{{- end }}
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
ports:
{{- if .Values.service.portName }}
- name: {{ .Values.service.portName }}
port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
{{- end }}
{{- with .Values.service.ports }}
{{ toYaml . | indent 2 }}
{{- end }}
selector:
app: {{ template "nexus.name" . }}
release: {{ .Release.Name }}
type: {{ .Values.service.type }}
{{ if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range .Values.service.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{ end }}
{{- end}}
templates/serviceaccount.yaml 0 → 100644
View file @ a4bae91e
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "nexus.fullname" . }}
{{- if .Values.serviceAccount.annotations }}
annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
{{- end }}
{{- end }}
values.yaml 0 → 100644
View file @ a4bae91e
statefulset:
enabled: false
replicaCount: 1
# By default deploymentStrategy is set to rollingUpdate with maxSurge of 25% and maxUnavailable of 25% . you can change type to `Recreate` or can uncomment `rollingUpdate` specification and adjust them to your usage.
deploymentStrategy: {}
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# type: RollingUpdate
nexus:
imageName: quay.io/travelaudience/docker-nexus
imageTag: 3.21.2-03
imagePullPolicy: IfNotPresent
# Uncomment this to scheduler pods on priority
# priorityClassName: "high-priority"
env:
- name: install4jAddVmParams
value: "-Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
- name: NEXUS_SECURITY_RANDOMPASSWORD
value: "false"
# nodeSelector:
# cloud.google.com/gke-nodepool: default-pool
resources: {}
# requests:
## Based on https://support.sonatype.com/hc/en-us/articles/115006448847#mem
## and https://twitter.com/analytically/status/894592422382063616:
## Xms == Xmx
## Xmx <= 4G
## MaxDirectMemory >= 2G
## Xmx + MaxDirectMemory <= RAM * 2/3 (hence the request for 4800Mi)
## MaxRAMFraction=1 is not being set as it would allow the heap
## to use all the available memory.
# cpu: 250m
# memory: 4800Mi
# The ports should only be changed if the nexus image uses a different port
dockerPort: 5003
nexusPort: 8081
service:
type: NodePort
# clusterIP: None
# annotations: {}
## When using LoadBalancer service type, use the following AWS certificate from ACM
## https://aws.amazon.com/documentation/acm/
# service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:123456789:certificate/abc123-abc123-abc123-abc123"
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "https"
# service.beta.kubernetes.io/aws-load-balancer-backend-port: "https"
## When using LoadBalancer service type, whitelist these source IP ranges
## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
# loadBalancerSourceRanges:
# - 192.168.1.10/32
# labels: {}
securityContextEnabled: true
securityContext:
fsGroup: 200
podAnnotations: {}
livenessProbe:
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 6
# timeoutSeconds: 10
path: /
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 6
# timeoutSeconds: 10
path: /
# hostAliases allows the modification of the hosts file inside a container
hostAliases: []
# - ip: "192.168.1.10"
# hostnames:
# - "example.com"
# - "www.example.com"
route:
enabled: false
name: docker
portName: docker
labels:
annotations:
# path: /docker
nexusProxy:
enabled: true
# svcName: proxy-svc
imageName: quay.io/travelaudience/docker-nexus-proxy
imageTag: 2.6.0
imagePullPolicy: IfNotPresent
port: 8080
targetPort: 8080
# labels: {}
env:
nexusDockerHost:
nexusHttpHost:
enforceHttps: false
cloudIamAuthEnabled: false
## If cloudIamAuthEnabled is set to true uncomment the variables below and remove this line
# clientId: ""
# clientSecret: ""
# organizationId: ""
# redirectUrl: ""
# requiredMembershipVerification: "true"
# secrets:
# keystore: ""
# password: ""
resources: {}
# requests:
# cpu: 100m
# memory: 256Mi
# limits:
# cpu: 200m
# memory: 512Mi
nexusProxyRoute:
enabled: true
labels:
annotations:
path: /nexus
persistence:
enabled: true
accessMode: ReadWriteOnce
## If defined, storageClass: <storageClass>
## If set to "-", storageClass: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClass spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# existingClaim:
# annotations:
# "helm.sh/resource-policy": keep
# storageClass: "-"
storageSize: 8Gi
# If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.
# pdName: nexus-data-disk
# fsType: ext4
nexusBackup:
enabled: false
imageName: quay.io/travelaudience/docker-nexus-backup
imageTag: 1.5.0
imagePullPolicy: IfNotPresent
env:
targetBucket:
nexusAdminPassword: "admin123"
persistence:
enabled: true
# existingClaim:
# annotations:
# "helm.sh/resource-policy": keep
accessMode: ReadWriteOnce
# See comment above for information on setting the backup storageClass
# storageClass: "-"
storageSize: 8Gi
# If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.
# pdName: nexus-backup-disk
# fsType: ext4
resources: {}
# requests:
# cpu: 100m
# memory: 256Mi
# limits:
# cpu: 200m
# memory: 512Mi
serviceAccount:
# Specifies whether a service account should be created
create: true
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name:
annotations: {}
ingress:
enabled: false
path: /
labels: {}
annotations: {}
# # NOTE: Can't use 'false' due to https://github.com/jetstack/kube-lego/issues/173.
# kubernetes.io/ingress.allow-http: true
# kubernetes.io/ingress.class: gce
# kubernetes.io/ingress.global-static-ip-name: ""
# kubernetes.io/tls-acme: true
tls:
enabled: true
secretName: nexus-tls
# Specify custom rules in addition to or instead of the nexus-proxy rules
rules:
# - host: http://nexus.127.0.0.1.nip.io
# http:
# paths:
# - backend:
# serviceName: additional-svc
# servicePort: 80
tolerations: []
# # Enable configmap and add data in configmap
config:
enabled: false
mountPath: /sonatype-nexus-conf
data:
deployment:
# # Add annotations in deployment to enhance deployment configurations
annotations: {}
# # Add init containers. e.g. to be used to give specific permissions for nexus-data.
# # Add your own init container or uncomment and modify the given example.
initContainers:
# - name: fmp-volume-permission
# image: busybox
# imagePullPolicy: IfNotPresent
# command: ['chown','-R', '200', '/nexus-data']
# volumeMounts:
# - name: nexus-data
# mountPath: /nexus-data
# # Uncomment and modify this to run a command after starting the nexus container.
postStart:
command: # '["/bin/sh", "-c", "ls"]'
additionalContainers:
additionalVolumes:
additionalVolumeMounts:
# # To use an additional secret, set enable to true and add data
secret:
enabled: false
mountPath: /etc/secret-volume
readOnly: true
data:
# # To use an additional service, set enable to true
service:
type: ClusterIP
# name: additional-svc
enabled: false
labels: {}
annotations: {}
ports:
- name: nexus-service
targetPort: 80
port: 80
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment