├── .gitignore
├── nxrm-aws-resiliency
├── templates
│ ├── NOTES.txt
│ ├── storageclass.yaml
│ ├── workdir-configmap.yaml
│ ├── pvc.yaml
│ ├── namespaces.yaml
│ ├── serviceaccount.yaml
│ ├── pv.yaml
│ ├── services.yaml
│ ├── nxrm-logback-tasklogfile-override.yaml
│ ├── secret.yaml
│ ├── ingress.yaml
│ ├── workdir-daemonset.yaml
│ ├── external-dns-rbac.yml
│ ├── deployment.yaml
│ └── fluent-bit.yaml
├── LICENSE
├── Chart.yaml
├── README.md
└── values.yaml
├── docs
├── nxrm-aws-resiliency-41.1.0.tgz
├── nxrm-aws-resiliency-41.1.1.tgz
├── nxrm-aws-resiliency-41.1.2.tgz
├── nxrm-aws-resiliency-41.1.3.tgz
├── nxrm-aws-resiliency-42.0.0.tgz
├── nxrm-aws-resiliency-42.0.1.tgz
├── nxrm-aws-resiliency-43.0.0.tgz
├── nxrm-aws-resiliency-44.0.0.tgz
├── nxrm-aws-resiliency-45.0.0.tgz
├── nxrm-aws-resiliency-45.1.0.tgz
├── nxrm-aws-resiliency-46.0.0.tgz
├── nxrm-aws-resiliency-47.1.0.tgz
├── nxrm-aws-resiliency-48.0.0.tgz
├── nxrm-aws-resiliency-49.0.0.tgz
├── nxrm-aws-resiliency-50.0.0.tgz
├── nxrm-aws-resiliency-51.0.0.tgz
├── nxrm-aws-resiliency-52.0.0.tgz
├── nxrm-aws-resiliency-53.0.0.tgz
├── nxrm-aws-resiliency-53.1.0.tgz
├── nxrm-aws-resiliency-54.0.0.tgz
├── nxrm-aws-resiliency-54.1.0.tgz
├── nxrm-aws-resiliency-55.0.0.tgz
├── nxrm-aws-resiliency-56.0.0.tgz
├── nxrm-aws-resiliency-57.0.0.tgz
├── nxrm-aws-resiliency-57.1.0.tgz
├── nxrm-aws-resiliency-58.0.0.tgz
├── nxrm-aws-resiliency-58.1.0.tgz
├── nxrm-aws-resiliency-59.0.0.tgz
├── nxrm-aws-resiliency-60.0.0.tgz
├── nxrm-aws-resiliency-61.0.0.tgz
├── nxrm-aws-resiliency-61.0.2.tgz
├── nxrm-aws-resiliency-62.0.0.tgz
├── nxrm-aws-resiliency-63.0.0.tgz
├── nxrm-aws-resiliency-64.0.0.tgz
├── nxrm-aws-resiliency-64.1.0.tgz
├── nxrm-aws-resiliency-64.2.0.tgz
├── nexus-repository-manager-42.0.0.tgz
├── nexus-repository-manager-42.0.1.tgz
├── nexus-repository-manager-43.0.0.tgz
├── nexus-repository-manager-44.0.0.tgz
├── nexus-repository-manager-45.0.0.tgz
├── nexus-repository-manager-45.1.0.tgz
├── nexus-repository-manager-46.0.0.tgz
├── nexus-repository-manager-47.1.0.tgz
├── nexus-repository-manager-48.0.0.tgz
├── nexus-repository-manager-49.0.0.tgz
├── nexus-repository-manager-50.0.0.tgz
├── nexus-repository-manager-51.0.0.tgz
├── nexus-repository-manager-52.0.0.tgz
├── nexus-repository-manager-53.0.0.tgz
├── nexus-repository-manager-53.1.0.tgz
├── nexus-repository-manager-54.0.0.tgz
├── nexus-repository-manager-54.1.0.tgz
├── nexus-repository-manager-55.0.0.tgz
├── nexus-repository-manager-56.0.0.tgz
├── nexus-repository-manager-57.0.0.tgz
├── nexus-repository-manager-57.1.0.tgz
├── nexus-repository-manager-58.0.0.tgz
├── nexus-repository-manager-58.1.0.tgz
├── nexus-repository-manager-59.0.0.tgz
├── nexus-repository-manager-60.0.0.tgz
├── nexus-repository-manager-61.0.0.tgz
├── nexus-repository-manager-61.0.2.tgz
├── nexus-repository-manager-62.0.0.tgz
├── nexus-repository-manager-63.0.0.tgz
├── nexus-repository-manager-64.0.0.tgz
├── nexus-repository-manager-64.1.0.tgz
└── nexus-repository-manager-64.2.0.tgz
├── nexus-repository-manager
├── templates
│ ├── configmap.yaml
│ ├── secret.yaml
│ ├── serviceaccount.yaml
│ ├── configmap-properties.yaml
│ ├── test
│ │ ├── test-connection.yaml
│ │ └── test-check-logs.yaml
│ ├── proxy-route.yaml
│ ├── route.yaml
│ ├── pv.yaml
│ ├── pvc.yaml
│ ├── NOTES.txt
│ ├── service.yaml
│ ├── _helpers.tpl
│ ├── ingress.yaml
│ └── deployment.yaml
├── .helmignore
├── LICENSE
├── README.md
├── Chart.yaml
├── tests
│ ├── deployment_test.yaml
│ └── ingress_test.yaml
└── values.yaml
├── LICENSE
├── header.txt
├── Dockerfile
├── Jenkinsfile
├── upgrade.sh
├── README.md
├── Jenkinsfile-Release
└── SECURITY.md
/.gitignore:
--------------------------------------------------------------------------------
1 | .vs/**
2 | .idea/**
3 |
4 | **/test-output.xml
5 |
6 | .DS_Store
7 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | Thank you for installing {{ .Chart.Name }}.
2 |
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-41.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-41.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-41.1.1.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-41.1.1.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-41.1.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-41.1.2.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-41.1.3.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-41.1.3.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-42.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-42.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-42.0.1.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-42.0.1.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-43.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-43.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-44.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-44.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-45.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-45.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-45.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-45.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-46.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-46.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-47.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-47.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-48.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-48.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-49.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-49.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-50.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-50.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-51.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-51.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-52.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-52.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-53.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-53.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-53.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-53.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-54.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-54.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-54.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-54.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-55.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-55.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-56.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-56.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-57.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-57.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-57.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-57.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-58.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-58.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-58.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-58.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-59.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-59.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-60.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-60.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-61.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-61.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-61.0.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-61.0.2.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-62.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-62.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-63.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-63.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-64.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-64.0.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-64.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-64.1.0.tgz
--------------------------------------------------------------------------------
/docs/nxrm-aws-resiliency-64.2.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nxrm-aws-resiliency-64.2.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-42.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-42.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-42.0.1.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-42.0.1.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-43.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-43.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-44.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-44.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-45.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-45.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-45.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-45.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-46.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-46.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-47.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-47.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-48.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-48.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-49.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-49.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-50.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-50.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-51.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-51.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-52.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-52.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-53.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-53.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-53.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-53.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-54.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-54.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-54.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-54.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-55.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-55.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-56.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-56.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-57.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-57.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-57.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-57.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-58.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-58.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-58.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-58.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-59.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-59.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-60.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-60.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-61.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-61.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-61.0.2.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-61.0.2.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-62.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-62.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-63.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-63.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-64.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-64.0.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-64.1.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-64.1.0.tgz
--------------------------------------------------------------------------------
/docs/nexus-repository-manager-64.2.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/sonatype/nxrm3-helm-repository/HEAD/docs/nexus-repository-manager-64.2.0.tgz
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/storageclass.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: storage.k8s.io/v1
2 | kind: StorageClass
3 | metadata:
4 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-local-storage
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | provisioner: kubernetes.io/no-provisioner
7 | volumeBindingMode: WaitForFirstConsumer
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/workdir-configmap.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: {{ .Values.workdir.configmap.name }}
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | data:
7 | create-nexus-work-dir.sh: |
8 | #!/bin/bash
9 | # Make Nexus Repository Manager work directory
10 | mkdir -p /nexus-repo-mgr-work-dir/work
11 |
12 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolumeClaim
3 | metadata:
4 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-ebs-claim
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | spec:
7 | accessModes:
8 | - {{ .Values.pvc.accessModes }}
9 | storageClassName: local-storage
10 | resources:
11 | requests:
12 | storage: {{ .Values.pvc.storage }}
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/namespaces.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Namespace
3 | metadata:
4 | name: {{ .Values.namespaces.nexusNs }}
5 | ---
6 | {{- if .Values.fluentbit.enabled }}
7 | apiVersion: v1
8 | kind: Namespace
9 | metadata:
10 | name: {{ .Values.namespaces.cloudwatchNs }}
11 | {{- end }}
12 | ---
13 | {{- if .Values.externaldns.enabled }}
14 | apiVersion: v1
15 | kind: Namespace
16 | metadata:
17 | name: {{ .Values.namespaces.externaldnsNs }}
18 | {{- end }}
19 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/configmap.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.config.enabled -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: {{ template "nexus.name" . }}-conf
6 | labels:
7 | {{ include "nexus.labels" . | indent 4 }}
8 | {{- if .Values.nexus.extraLabels }}
9 | {{- with .Values.nexus.extraLabels }}
10 | {{ toYaml . | indent 4 }}
11 | {{- end }}
12 | {{- end }}
13 | data:
14 | {{ toYaml .Values.config.data | indent 2 }}
15 | {{- end }}
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.secret.enabled -}}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 | name: {{ template "nexus.name" . }}-secret
6 | labels:
7 | {{ include "nexus.labels" . | indent 4 }}
8 | {{- if .Values.nexus.extraLabels }}
9 | {{- with .Values.nexus.extraLabels }}
10 | {{ toYaml . | indent 4 }}
11 | {{- end }}
12 | {{- end }}
13 | data:
14 | {{ toYaml .Values.secret.data | indent 2 }}
15 | {{- end}}
16 |
--------------------------------------------------------------------------------
/nexus-repository-manager/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *~
18 | # Various IDEs
19 | .project
20 | .idea/
21 | *.tmproj
22 | # OWNERS file for Kubernetes
23 | OWNERS
24 | *.tar
25 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: {{ include "nexus.serviceAccountName" . }}
6 | labels: {{- include "nexus.labels" . | nindent 4 }}
7 | {{- if .Values.nexus.extraLabels }}
8 | {{- with .Values.nexus.extraLabels }}
9 | {{ toYaml . | indent 4 }}
10 | {{- end }}
11 | {{- end }}
12 | {{- with .Values.serviceAccount.annotations }}
13 | annotations: {{- toYaml . | nindent 4 }}
14 | {{- end }}
15 | {{- end }}
16 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/configmap-properties.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.nexus.properties.override -}}
2 | apiVersion: v1
3 | kind: ConfigMap
4 | metadata:
5 | name: {{ template "nexus.name" . }}-properties
6 | labels: {{- include "nexus.labels" . | nindent 4 }}
7 | {{- if .Values.nexus.extraLabels }}
8 | {{- with .Values.nexus.extraLabels }}
9 | {{ toYaml . | indent 4 }}
10 | {{- end }}
11 | {{- end }}
12 | data:
13 | nexus.properties: |
14 | {{- range $k, $v := .Values.nexus.properties.data }}
15 | {{ $k }}={{ $v }}
16 | {{- end }}
17 | {{- end }}
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/test/test-connection.yaml:
--------------------------------------------------------------------------------
1 | # This test checks that the server is up and running by making a wget
2 | apiVersion: v1
3 | kind: Pod
4 | metadata:
5 | name: "{{ .Release.Name }}-test-connection"
6 | annotations:
7 | "helm.sh/hook": test
8 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
9 | spec:
10 | containers:
11 | - name: {{ .Release.Name }}-test-connection
12 | image: busybox
13 | command: ['wget']
14 | args: ['{{ include "nexus.fullname" . }}:{{ .Values.nexus.nexusPort }}']
15 | restartPolicy: Never
16 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2020-present Sonatype, Inc.
2 |
3 | Licensed under the Apache License, Version 2.0 (the "License");
4 | you may not use this file except in compliance with the License.
5 | You may obtain a copy of the License at
6 |
7 | http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.
14 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ServiceAccount
3 | metadata:
4 | name: {{ .Values.serviceAccount.name }}
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | annotations:
7 | eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.role }}
8 | ---
9 | {{- if .Values.externaldns.enabled }}
10 | apiVersion: v1
11 | kind: ServiceAccount
12 | metadata:
13 | name: {{ .Values.serviceAccount.externaldns.name }}
14 | namespace: {{ .Values.namespaces.externaldnsNs }}
15 | annotations:
16 | eks.amazonaws.com/role-arn: {{ .Values.serviceAccount.externaldns.role }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2020-present Sonatype, Inc.
2 |
3 | Licensed under the Apache License, Version 2.0 (the "License");
4 | you may not use this file except in compliance with the License.
5 | You may obtain a copy of the License at
6 |
7 | http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.
14 |
--------------------------------------------------------------------------------
/nexus-repository-manager/LICENSE:
--------------------------------------------------------------------------------
1 | Copyright (c) 2020-present Sonatype, Inc.
2 |
3 | Licensed under the Apache License, Version 2.0 (the "License");
4 | you may not use this file except in compliance with the License.
5 | You may obtain a copy of the License at
6 |
7 | http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | Unless required by applicable law or agreed to in writing, software
10 | distributed under the License is distributed on an "AS IS" BASIS,
11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | See the License for the specific language governing permissions and
13 | limitations under the License.
14 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/proxy-route.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.nexusProxyRoute.enabled }}
2 | apiVersion: route.openshift.io/v1
3 | kind: Route
4 | metadata:
5 | name: {{ template "nexus.fullname" . }}
6 | labels: {{ .Values.nexusProxyRoute.labels }}
7 | annotations:
8 | {{- range $key, $value := .Values.nexusProxyRoute.annotations }}
9 | {{ $key }}: {{ $value | quote }}
10 | {{- end }}
11 | spec:
12 | host: {{ .Values.nexusProxyRoute.path }}
13 | port:
14 | targetPort: {{ template "nexus.fullname" . }}
15 | tls:
16 | insecureEdgeTerminationPolicy: Redirect
17 | termination: edge
18 | to:
19 | kind: Service
20 | name: {{ template "nexus.fullname" . }}
21 | weight: 100
22 | wildcardPolicy: None
23 | {{- end }}
24 |
--------------------------------------------------------------------------------
/header.txt:
--------------------------------------------------------------------------------
1 | Sonatype Nexus (TM) Open Source Version
2 | Copyright (c) 2008-present Sonatype, Inc.
3 | All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
4 |
5 | This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
6 | which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
7 |
8 | Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
9 | of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
10 | Eclipse Foundation. All other trademarks are the property of their respective owners.
11 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/route.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.route.enabled }}
2 | apiVersion: route.openshift.io/v1
3 | kind: Route
4 | metadata:
5 | name: {{ .Values.route.name }}
6 | labels: {{ .Values.route.labels }}
7 | annotations:
8 | {{- range $key, $value := .Values.route.annotations }}
9 | {{ $key }}: {{ $value | quote }}
10 | {{- end }}
11 | spec:
12 | host: {{ .Values.route.path }}
13 | port:
14 | targetPort: {{ .Values.service.portName }}
15 | tls:
16 | insecureEdgeTerminationPolicy: Redirect
17 | termination: edge
18 | to:
19 | kind: Service
20 | {{- if .Values.service.name }}
21 | name: {{ .Values.service.name }}
22 | {{- else }}
23 | name: {{ template "nexus.name" . }}-service
24 | {{- end }}
25 | weight: 100
26 | wildcardPolicy: None
27 | {{- end }}
28 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/pv.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: PersistentVolume
3 | metadata:
4 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-ebs-pv
5 | spec:
6 | capacity:
7 | storage: {{ .Values.pv.storage }}
8 | volumeMode: Filesystem
9 | accessModes:
10 | - {{ .Values.pv.accessModes }}
11 | persistentVolumeReclaimPolicy: {{ .Values.pv.reclaimPolicy }}
12 | storageClassName: local-storage
13 | local:
14 | path: {{ .Values.pv.path }}
15 | nodeAffinity:
16 | required:
17 | nodeSelectorTerms:
18 | - matchExpressions:
19 | - key: topology.kubernetes.io/zone
20 | operator: In
21 | values:
22 | {{- range $zone := .Values.pv.zones }}
23 | - {{ $zone }}
24 | {{- end }}
25 |
26 |
27 |
28 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/pv.yaml:
--------------------------------------------------------------------------------
1 | {{- if not .Values.statefulset.enabled }}
2 | {{- if .Values.persistence.pdName -}}
3 | apiVersion: v1
4 | kind: PersistentVolume
5 | metadata:
6 | name: {{ .Values.persistence.pdName }}
7 | labels:
8 | {{ include "nexus.labels" . | indent 4 }}
9 | {{- if .Values.nexus.extraLabels }}
10 | {{- with .Values.nexus.extraLabels }}
11 | {{ toYaml . | indent 4 }}
12 | {{- end }}
13 | {{- end }}
14 | spec:
15 | capacity:
16 | storage: {{ .Values.persistence.storageSize }}
17 | accessModes:
18 | - ReadWriteOnce
19 | claimRef:
20 | namespace: {{ .Release.Namespace }}
21 | name: {{ template "nexus.fullname" . }}-data
22 | gcePersistentDisk:
23 | pdName: {{ .Values.persistence.pdName }}
24 | fsType: {{ .Values.persistence.fsType }}
25 | {{- end }}
26 | {{- end }}
27 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | #
2 | # Sonatype Nexus (TM) Open Source Version
3 | # Copyright (c) 2008-present Sonatype, Inc.
4 | # All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
5 | #
6 | # This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
7 | # which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
8 | #
9 | # Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
10 | # of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
11 | # Eclipse Foundation. All other trademarks are the property of their respective owners.
12 | #
13 |
14 | FROM docker-all.repo.sonatype.com/alpine/helm:3.10.1
15 |
16 | RUN apk update && apk upgrade && \
17 | apk add --no-cache bash git openssh
18 |
19 | RUN mkdir /.local /.cache && chmod 777 /.local /.cache
20 |
21 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/services.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 | name: {{ .Chart.Name }}-service
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | labels:
7 | app: nxrm
8 | spec:
9 | type: {{ .Values.service.nexus.type }}
10 | selector:
11 | app: nxrm
12 | ports:
13 | - protocol: {{ .Values.service.nexus.protocol }}
14 | port: {{ .Values.service.nexus.port }}
15 | targetPort: {{ .Values.service.nexus.targetPort }}
16 | ---
17 | {{- if .Values.service.docker.enabled -}}
18 | apiVersion: v1
19 | kind: Service
20 | metadata:
21 | name: {{ .Chart.Name }}-docker-service
22 | namespace: {{ .Values.namespaces.nexusNs }}
23 | labels:
24 | app: nxrm
25 | spec:
26 | type: {{ .Values.service.docker.type }}
27 | selector:
28 | app: nxrm
29 | ports:
30 | - name: docker-service
31 | protocol: {{ .Values.service.docker.protocol }}
32 | port: {{ .Values.service.docker.port }}
33 | targetPort: {{ .Values.service.docker.targetPort }}
34 | {{- end }}
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
2 | kind: PersistentVolumeClaim
3 | apiVersion: v1
4 | metadata:
5 | name: {{ template "nexus.fullname" . }}-data
6 | labels:
7 | {{ include "nexus.labels" . | indent 4 }}
8 | {{- if .Values.nexus.extraLabels }}
9 | {{- with .Values.nexus.extraLabels }}
10 | {{ toYaml . | indent 4 }}
11 | {{- end }}
12 | {{- end }}
13 | {{- if .Values.persistence.annotations }}
14 | annotations:
15 | {{ toYaml .Values.persistence.annotations | indent 4 }}
16 | {{- end }}
17 | spec:
18 | accessModes:
19 | - {{ .Values.persistence.accessMode | quote }}
20 | resources:
21 | requests:
22 | storage: {{ .Values.persistence.storageSize | quote }}
23 | {{- if .Values.persistence.storageClass }}
24 | {{- if (eq "-" .Values.persistence.storageClass) }}
25 | storageClassName: ""
26 | {{- else }}
27 | storageClassName: "{{ .Values.persistence.storageClass }}"
28 | {{- end }}
29 | {{- end }}
30 | {{- end }}
31 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/nxrm-logback-tasklogfile-override.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: ConfigMap
3 | metadata:
4 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-logback-tasklogfile-override
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | data:
7 | logback-tasklogfile-appender-override.xml: |
8 |
9 |
10 | ${karaf.data}/log/tasks/allTasks.log
11 |
12 | true
13 |
14 | %d{"yyyy-MM-dd HH:mm:ss,SSSZ"} %-5p [%thread] %node %mdc{userId:-*SYSTEM} %c - %m%n
15 |
16 |
17 | ${karaf.data}/log/tasks/allTasks-%d{yyyy-MM-dd}.log.gz
18 | 1
19 |
20 |
21 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/test/test-check-logs.yaml:
--------------------------------------------------------------------------------
1 | # This test checks the logs to confirm the running app version is the same as the chart app version
2 | # This test will run only if the flag persistence.enabled is true on the values.yaml file
3 | {{- if .Values.persistence.enabled }}
4 | apiVersion: v1
5 | kind: Pod
6 | metadata:
7 | name: "{{ .Release.Name }}-test-check-logs"
8 | annotations:
9 | "helm.sh/hook": test
10 | "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
11 | spec:
12 | containers:
13 | - name: {{ .Release.Name }}-test-check-logs
14 | image: busybox
15 | command: ["/bin/sh"]
16 | args: ["-c", "cat /nexus-data/log/nexus.log | grep {{ .Chart.AppVersion }} || exit 1"]
17 | volumeMounts:
18 | - mountPath: /nexus-data
19 | name: {{ template "nexus.name" . }}-data
20 | volumes:
21 | - name: {{ template "nexus.name" . }}-data
22 | persistentVolumeClaim:
23 | claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }}
24 | restartPolicy: Never
25 | {{- end }}
26 |
--------------------------------------------------------------------------------
/nexus-repository-manager/README.md:
--------------------------------------------------------------------------------
1 |
15 | # ⚠️ Archive Notice
16 |
17 | As of October 24, 2023, we will no longer update or support this Helm chart.
18 |
19 | We now provide one [HA/Resiliency Helm Chart](https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha) that supports both high availability and resilient deployments in AWS, Azure, or on-premises in a Kubernetes cluster. This is our only supported Helm chart for deploying Sonatype Nexus Repository; it requires a PostgreSQL database.
--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
1 | /*
2 | * Sonatype Nexus (TM) Open Source Version
3 | * Copyright (c) 2008-present Sonatype, Inc.
4 | * All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
5 | *
6 | * This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
7 | * which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
8 | *
9 | * Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
10 | * of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
11 | * Eclipse Foundation. All other trademarks are the property of their respective owners.
12 | */
13 | @Library(['private-pipeline-library', 'jenkins-shared', 'nxrm-jenkins-shared']) _
14 |
15 | dockerizedBuildPipeline(
16 | prepare: {
17 | githubStatusUpdate('pending')
18 | },
19 | buildAndTest: {
20 | sh './build.sh'
21 | },
22 | skipVulnerabilityScan: true,
23 | archiveArtifacts: 'docs/*',
24 | testResults: ['**/test-output.xml'],
25 | onSuccess: {
26 | nxrmBuildNotifications(currentBuild, env)
27 | },
28 | onFailure: {
29 | nxrmBuildNotifications(currentBuild, env)
30 | }
31 | )
32 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/secret.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: secrets-store.csi.x-k8s.io/v1
2 | kind: SecretProviderClass
3 | metadata:
4 | namespace: {{ .Values.namespaces.nexusNs }}
5 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-secret
6 | spec:
7 | provider: aws
8 | secretObjects:
9 | - data:
10 | - key: db-user
11 | objectName: nxrm-db-user
12 | - key: db-password
13 | objectName: nxrm-db-password
14 | - key: db-host
15 | objectName: nxrm-db-host
16 | secretName: nxrm-db-secret
17 | type: Opaque
18 | - data:
19 | - key: nexus-admin-password
20 | objectName: nxrm-admin-password
21 | secretName: nxrm-admin-secret
22 | type: Opaque
23 | parameters:
24 | objects: |
25 | - objectName: "{{ .Values.secret.license.arn }}"
26 | objectAlias: "{{ .Values.secret.license.alias }}"
27 | - objectName: "{{ .Values.secret.rds.arn }}"
28 | jmesPath:
29 | - path: "username"
30 | objectAlias: "nxrm-db-user"
31 | - path: "password"
32 | objectAlias: "nxrm-db-password"
33 | - path: "host"
34 | objectAlias: "nxrm-db-host"
35 | - objectName: "{{ .Values.secret.adminpassword.arn }}"
36 | jmesPath:
37 | - path: "admin_nxrm_password"
38 | objectAlias: "nxrm-admin-password"
39 |
--------------------------------------------------------------------------------
/upgrade.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | #
3 | # Sonatype Nexus (TM) Open Source Version
4 | # Copyright (c) 2008-present Sonatype, Inc.
5 | # All rights reserved. Includes the third-party code listed at http://links.sonatype.com/products/nexus/oss/attributions.
6 | #
7 | # This program and the accompanying materials are made available under the terms of the Eclipse Public License Version 1.0,
8 | # which accompanies this distribution and is available at http://www.eclipse.org/legal/epl-v10.html.
9 | #
10 | # Sonatype Nexus (TM) Professional Version is available from Sonatype, Inc. "Sonatype" and "Sonatype Nexus" are trademarks
11 | # of Sonatype, Inc. Apache Maven is a trademark of the Apache Software Foundation. M2eclipse is a trademark of the
12 | # Eclipse Foundation. All other trademarks are the property of their respective owners.
13 | #
14 |
15 | if [ $# != 3 ]; then
16 | echo "Usage: $0 "
17 | exit 1
18 | fi
19 |
20 | DIR="$1"
21 | CHART_VERSION="$2"
22 | APP_VERSION="$3"
23 |
24 | OUTPUT_FILE=$(mktemp)
25 |
26 | cat "$DIR/Chart.yaml" \
27 | | sed -E "s/version: .+/version: $CHART_VERSION/" \
28 | | sed -E "s/appVersion: .+/appVersion: $APP_VERSION/" \
29 | > "$OUTPUT_FILE"
30 |
31 | mv "$OUTPUT_FILE" "$DIR/Chart.yaml"
32 |
33 | cat "$DIR/values.yaml" \
34 | | sed -E "s/^ tag: .+$/ tag: $APP_VERSION/" \
35 | > "$OUTPUT_FILE"
36 |
37 | mv "$OUTPUT_FILE" "$DIR/values.yaml"
38 |
39 | git diff "$DIR"
40 |
--------------------------------------------------------------------------------
/nexus-repository-manager/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: nexus-repository-manager
3 | # The nexus-repository-manager chart is deprecated and no longer maintained
4 | deprecated: true
5 |
6 | # This is the chart version. This version number should be incremented each time you make changes
7 | # to the chart and its templates, including the app version.
8 | version: 64.2.0
9 | # This is the version number of the application being deployed. This version number should be
10 | # incremented each time you make changes to the application.
11 | appVersion: 3.64.0
12 |
13 | description: DEPRECATED Sonatype Nexus Repository Manager - Universal Binary repository
14 |
15 | # A chart can be either an 'application' or a 'library' chart.
16 | #
17 | # Application charts are a collection of templates that can be packaged into versioned archives
18 | # to be deployed.
19 | #
20 | # Library charts provide useful utilities or functions for the chart developer. They're included as
21 | # a dependency of application charts to inject those utilities and functions into the rendering
22 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
23 | type: application
24 |
25 | keywords:
26 | - artifacts
27 | - dependency
28 | - management
29 | - sonatype
30 | - nexus
31 | - repository
32 | - quickstart
33 | - ci
34 | - repository-manager
35 | - nexus3
36 | home: https://www.sonatype.com/nexus-repository-oss
37 | icon: https://sonatype.github.io/helm3-charts/NexusRepo_Vertical.svg
38 | sources:
39 | - https://github.com/sonatype/nexus-public
40 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: networking.k8s.io/v1
2 | kind: Ingress
3 | metadata:
4 | namespace: {{ .Values.namespaces.nexusNs }}
5 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-ingress
6 | {{- with .Values.ingress.annotations }}
7 | annotations:
8 | {{- toYaml . | nindent 4 }}
9 | {{- end }}
10 | spec:
11 | rules:
12 | {{- if .Values.ingress.host }}
13 | - host: {{ .Values.ingress.host }}
14 | http:
15 | {{- else }}
16 | - http:
17 | {{- end }}
18 | paths:
19 | - path: /
20 | pathType: Prefix
21 | backend:
22 | service:
23 | name: {{ .Chart.Name }}-service
24 | port:
25 | number: {{ .Values.service.nexus.port }}
26 | ---
27 | {{- if .Values.ingress.dockerIngress.enabled -}}
28 | apiVersion: networking.k8s.io/v1
29 | kind: Ingress
30 | metadata:
31 | namespace: {{ .Values.namespaces.nexusNs }}
32 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-ingress-nxrm-docker
33 | {{- with .Values.ingress.dockerIngress.annotations }}
34 | annotations:
35 | {{- toYaml . | nindent 4 }}
36 | {{- end }}
37 | spec:
38 | rules:
39 | {{- if .Values.ingress.dockerIngress.host }}
40 | - host: {{ .Values.ingress.dockerIngress.host }}
41 | http:
42 | {{- else}}
43 | - http:
44 | {{- end }}
45 | paths:
46 | - path: /
47 | pathType: Prefix
48 | backend:
49 | service:
50 | name: {{ .Chart.Name }}-docker-service
51 | port:
52 | number: {{ .Values.service.docker.port }}
53 | {{- end }}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 |
15 | # ⚠️ Archive Notice
16 |
17 | As of October 24, 2023, we will no longer update or support the [Single-Instance OSS/Pro Helm Chart](https://github.com/sonatype/nxrm3-helm-repository/tree/main/nexus-repository-manager).
18 |
19 | Deploying Nexus Repository in containers with an embedded database has been known to corrupt the database under some circumstances. We strongly recommend that you use an external PostgreSQL database for Kubernetes deployments.
20 |
21 | ## Helm Charts for Sonatype Nexus Repository Manager 3
22 |
23 | We now provide one [HA/Resiliency Helm Chart](https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha) that supports both high availability and resilient deployments in AWS, Azure, or on-premises in a Kubernetes cluster. This is our only supported Helm chart for deploying Sonatype Nexus Repository; it requires a PostgreSQL database.
24 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/workdir-daemonset.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: DaemonSet
3 | metadata:
4 | name: {{ .Values.workdir.daemonset.name }}
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | spec:
7 | selector:
8 | matchLabels:
9 | job: dircreator
10 | template:
11 | metadata:
12 | labels:
13 | job: dircreator
14 | spec:
15 | hostPID: true
16 | restartPolicy: Always
17 | initContainers:
18 | # Copy file for creating nexus work directory over and execute it on host
19 | - name: create-nexus-work-dir
20 | image: ubuntu:23.04
21 | command: [/bin/sh]
22 | args:
23 | - -c
24 | - >-
25 | cp /tmp/create-nexus-work-dir.sh /host-dir &&
26 | /usr/bin/nsenter -m/proc/1/ns/mnt -- chmod u+x /tmp/install/create-nexus-work-dir.sh &&
27 | /usr/bin/nsenter -m/proc/1/ns/mnt /tmp/install/create-nexus-work-dir.sh
28 | securityContext:
29 | privileged: true
30 | volumeMounts:
31 | - name: create-nexus-work-dir-script
32 | mountPath: /tmp
33 | - name: host-mnt
34 | mountPath: /host-dir
35 | containers:
36 | - name: directory-creator
37 | image: busybox:1.33.1
38 | command: ["/bin/sh"]
39 | args:
40 | - -c
41 | - >-
42 | tail -f /dev/null
43 | securityContext:
44 | privileged: true
45 | volumes:
46 | - name: create-nexus-work-dir-script
47 | configMap:
48 | name: {{ .Values.workdir.configmap.name }}
49 | - name: host-mnt
50 | hostPath:
51 | path: /tmp/install
52 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: nxrm-aws-resiliency
3 | # The nxrm-aws-resiliency chart is deprecated and no longer maintained
4 | deprecated: true
5 | description: DEPRECATED Resilient AWS Deployment of Sonatype Nexus Repository Manager - Universal Binary repository
6 |
7 | # A chart can be either an 'application' or a 'library' chart.
8 | #
9 | # Application charts are a collection of templates that can be packaged into versioned archives
10 | # to be deployed.
11 | #
12 | # Library charts provide useful utilities or functions for the chart developer. They're included as
13 | # a dependency of application charts to inject those utilities and functions into the rendering
14 | # pipeline. Library charts do not define any templates and therefore cannot be deployed.
15 | type: application
16 |
17 | # This is the chart version. This version number should be incremented each time you make changes
18 | # to the chart and its templates, including the app version.
19 | # Versions are expected to follow Semantic Versioning (https://semver.org/)
20 | version: 64.2.0
21 |
22 | # This is the version number of the application being deployed. This version number should be
23 | # incremented each time you make changes to the application. Versions are not expected to
24 | # follow Semantic Versioning. They should reflect the version the application is using.
25 | # It is recommended to use it with quotes.
26 | appVersion: 3.64.0
27 |
28 | keywords:
29 | - artifacts
30 | - dependency
31 | - management
32 | - sonatype
33 | - nexus
34 | - repository
35 | - quickstart
36 | - ci
37 | - repository-manager
38 | - nexus3
39 | home: https://www.sonatype.com/nexus-repository-oss
40 | icon: https://sonatype.github.io/helm3-charts/NexusRepo_Vertical.svg
41 |
42 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/NOTES.txt:
--------------------------------------------------------------------------------
1 | {{- if .Values.ingress.enabled }}
2 | 1. Your ingresses are available here:
3 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $.Values.ingress.hostRepo }}{{ $.Values.ingress.hostPath }}
4 | {{- if $.Values.nexus.docker.enabled }}
5 | {{- range $registry := .Values.nexus.docker.registries }}
6 | https://{{ $registry.host }}/
7 | {{- end }}
8 | {{- end }}
9 | {{- else if contains "NodePort" .Values.service.type }}
10 | 1. Get the application URL by running these commands:
11 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "nexus.fullname" . }})
12 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
13 | Your application is available at http://$NODE_IP:$NODE_PORT
14 | {{- else if contains "LoadBalancer" .Values.service.type }}
15 | 1. Get the application URL by running these commands:
16 | NOTE: It may take a few minutes for the LoadBalancer IP to be available.
17 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "nexus.fullname" . }}'
18 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "nexus.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
19 | {{- range $index, $port := .Values.service.ports }}
20 | Your application is available at http://$SERVICE_IP:{{ $port }}
21 | {{- end }}
22 | {{- else if contains "ClusterIP" .Values.service.type }}
23 | 1. Get the application URL by running these commands:
24 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "nexus.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
25 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8081:80
26 | Your application is available at http://127.0.0.1
27 | {{- end }}
28 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/service.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.service.enabled -}}
2 | ---
3 | apiVersion: v1
4 | kind: Service
5 | metadata:
6 | name: {{ include "nexus.fullname" . }}
7 | {{- if .Values.service.annotations }}
8 | annotations:
9 | {{ toYaml .Values.service.annotations | indent 4 }}
10 | {{- end }}
11 | labels:
12 | {{- include "nexus.labels" . | nindent 4 }}
13 | {{- if .Values.nexus.extraLabels }}
14 | {{- with .Values.nexus.extraLabels }}
15 | {{ toYaml . | indent 4 }}
16 | {{- end }}
17 | {{- end }}
18 | spec:
19 | type: {{ .Values.service.type }}
20 | ports:
21 | - port: {{ .Values.nexus.nexusPort }}
22 | protocol: TCP
23 | name: nexus-ui
24 | selector:
25 | {{- include "nexus.selectorLabels" . | nindent 4 }}
26 | {{- if .Values.nexus.extraSelectorLabels }}
27 | {{- with .Values.nexus.extraSelectorLabels }}
28 | {{ toYaml . | indent 4 }}
29 | {{- end }}
30 | {{- end }}
31 |
32 | {{- if .Values.nexus.docker.enabled }}
33 | {{- range $registry := .Values.nexus.docker.registries }}
34 | ---
35 | apiVersion: v1
36 | kind: Service
37 | metadata:
38 | name: {{ include "nexus.fullname" $ | trunc 49 }}-docker-{{ $registry.port }}
39 | {{- if $.Values.service.annotations }}
40 | annotations:
41 | {{ toYaml $.Values.service.annotations | indent 4 }}
42 | {{- end }}
43 | labels:
44 | {{- include "nexus.labels" $ | nindent 4 }}
45 | {{- if $.Values.nexus.extraLabels }}
46 | {{- with $.Values.nexus.extraLabels }}
47 | {{ toYaml . | indent 4 }}
48 | {{- end }}
49 | {{- end }}
50 | spec:
51 | type: {{ $.Values.service.type }}
52 | ports:
53 | - port: {{ $registry.port }}
54 | protocol: TCP
55 | name: docker-{{ $registry.port }}
56 | selector:
57 | {{- include "nexus.selectorLabels" $ | nindent 4 }}
58 | {{- if $.Values.nexus.extraSelectorLabels }}
59 | {{- with $.Values.nexus.extraSelectorLabels }}
60 | {{ toYaml . | indent 4 }}
61 | {{- end }}
62 | {{- end }}
63 | {{- end }}
64 |
65 | {{- end }}
66 | {{- end }}
67 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/_helpers.tpl:
--------------------------------------------------------------------------------
1 | {{/* vim: set filetype=mustache: */}}
2 | {{/*
3 | Expand the name of the chart.
4 | */}}
5 | {{- define "nexus.name" -}}
6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
7 | {{- end -}}
8 |
9 | {{/*
10 | Create a default fully qualified app name.
11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
12 | If release name contains chart name it will be used as a full name.
13 | */}}
14 | {{- define "nexus.fullname" -}}
15 | {{- if .Values.fullnameOverride -}}
16 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
17 | {{- else -}}
18 | {{- $name := default .Chart.Name .Values.nameOverride -}}
19 | {{- if contains $name .Release.Name -}}
20 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}}
21 | {{- else -}}
22 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
23 | {{- end -}}
24 | {{- end -}}
25 | {{- end -}}
26 |
27 | {{/*
28 | Create chart name and version as used by the chart label.
29 | */}}
30 | {{- define "nexus.chart" -}}
31 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
32 | {{- end -}}
33 |
34 | {{/*
35 | Common labels
36 | */}}
37 | {{- define "nexus.labels" -}}
38 | helm.sh/chart: {{ include "nexus.chart" . }}
39 | {{ include "nexus.selectorLabels" . }}
40 | {{- if .Chart.AppVersion }}
41 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
42 | {{- end }}
43 | app.kubernetes.io/managed-by: {{ .Release.Service }}
44 | {{- end -}}
45 |
46 | {{/*
47 | Selector labels
48 | */}}
49 | {{- define "nexus.selectorLabels" -}}
50 | app.kubernetes.io/name: {{ include "nexus.name" . }}
51 | app.kubernetes.io/instance: {{ .Release.Name }}
52 | {{- end -}}
53 |
54 | {{/*
55 | Create the name of the service account to use
56 | */}}
57 | {{- define "nexus.serviceAccountName" -}}
58 | {{- if .Values.serviceAccount.create -}}
59 | {{ default (include "nexus.fullname" .) .Values.serviceAccount.name }}
60 | {{- else -}}
61 | {{ default "default" .Values.serviceAccount.name }}
62 | {{- end -}}
63 | {{- end -}}
64 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/external-dns-rbac.yml:
--------------------------------------------------------------------------------
1 | {{- if .Values.externaldns.enabled }}
2 | apiVersion: rbac.authorization.k8s.io/v1
3 | kind: ClusterRole
4 | metadata:
5 | name: external-dns
6 | namespace: {{ .Values.namespaces.externaldnsNs }}
7 | labels:
8 | app.kubernetes.io/name: external-dns
9 | rules:
10 | - apiGroups: [""]
11 | resources: ["services","endpoints","pods","nodes"]
12 | verbs: ["get","watch","list"]
13 | - apiGroups: ["extensions","networking.k8s.io"]
14 | resources: ["ingresses"]
15 | verbs: ["get","watch","list"]
16 | ---
17 | apiVersion: rbac.authorization.k8s.io/v1
18 | kind: ClusterRoleBinding
19 | metadata:
20 | name: external-dns-viewer
21 | namespace: {{ .Values.namespaces.externaldnsNs }}
22 | labels:
23 | app.kubernetes.io/name: external-dns
24 | roleRef:
25 | apiGroup: rbac.authorization.k8s.io
26 | kind: ClusterRole
27 | name: external-dns
28 | subjects:
29 | - kind: ServiceAccount
30 | name: {{ .Values.serviceAccount.externaldns.name }}
31 | namespace: {{ .Values.namespaces.externaldnsNs }}
32 | ---
33 | apiVersion: apps/v1
34 | kind: Deployment
35 | metadata:
36 | name: external-dns
37 | namespace: {{ .Values.namespaces.externaldnsNs }}
38 | labels:
39 | app.kubernetes.io/name: external-dns
40 | spec:
41 | strategy:
42 | type: Recreate
43 | selector:
44 | matchLabels:
45 | app.kubernetes.io/name: external-dns
46 | template:
47 | metadata:
48 | labels:
49 | app.kubernetes.io/name: external-dns
50 | spec:
51 | serviceAccountName: external-dns
52 | containers:
53 | - name: external-dns
54 | image: k8s.gcr.io/external-dns/external-dns:v0.11.0
55 | args:
56 | - --source=service
57 | - --source=ingress
58 | - --domain-filter={{ .Values.externaldns.domainFilter }} # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
59 | - --provider=aws
60 | - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
61 | - --aws-zone-type={{ .Values.externaldns.awsZoneType }} # only look at public hosted zones (valid values are public, private or no value for both)
62 | - --registry=txt
63 | - --txt-owner-id=external-dns
64 | env:
65 | - name: AWS_DEFAULT_REGION
66 | value: {{ .Values.deployment.clusterRegion }}
67 | {{- end }}
68 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ingress.enabled -}}
2 | {{- $fullName := include "nexus.fullname" . -}}
3 | {{- $svcPort := .Values.nexus.nexusPort -}}
4 | {{- $ingressPath := .Values.ingress.path -}}
5 | apiVersion: networking.k8s.io/v1
6 | kind: Ingress
7 | metadata:
8 | name: {{ $fullName }}
9 | labels:
10 | {{- include "nexus.labels" . | nindent 4 }}
11 | {{- if .Values.nexus.extraLabels }}
12 | {{- with .Values.nexus.extraLabels }}
13 | {{ toYaml . | indent 4 }}
14 | {{- end }}
15 | {{- end }}
16 | {{- with .Values.ingress.annotations }}
17 | annotations:
18 | {{- toYaml . | nindent 4 }}
19 | {{- end }}
20 | spec:
21 | {{- if .Values.ingress.ingressClassName }}
22 | ingressClassName: {{ .Values.ingress.ingressClassName }}
23 | {{- end }}
24 | {{- if .Values.ingress.tls }}
25 | tls:
26 | {{- range .Values.ingress.tls }}
27 | - hosts:
28 | {{- range .hosts }}
29 | - {{ . | quote }}
30 | {{- end }}
31 | secretName: {{ .secretName }}
32 | {{- end }}
33 | {{- end }}
34 | rules:
35 | - host: {{ .Values.ingress.hostRepo }}
36 | http:
37 | paths:
38 | - path: {{ .Values.ingress.hostPath }}
39 | pathType: Prefix
40 | backend:
41 | service:
42 | name: {{ $fullName }}
43 | port:
44 | number: 8081
45 |
46 | {{ if .Values.nexus.docker.enabled }}
47 | {{ range $registry := .Values.nexus.docker.registries }}
48 | ---
49 | apiVersion: networking.k8s.io/v1
50 | kind: Ingress
51 | metadata:
52 | name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
53 | labels:
54 | {{- include "nexus.labels" $ | nindent 4 }}
55 | {{- if $.Values.nexus.extraLabels }}
56 | {{- with $.Values.nexus.extraLabels }}
57 | {{ toYaml . | indent 4 }}
58 | {{- end }}
59 | {{- end }}
60 | {{- with $.Values.ingress.annotations }}
61 | annotations:
62 | {{- toYaml . | nindent 4 }}
63 | {{- end }}
64 | spec:
65 | {{- if $.Values.ingress.ingressClassName }}
66 | ingressClassName: {{ $.Values.ingress.ingressClassName }}
67 | {{- end }}
68 | tls:
69 | - hosts:
70 | - {{ $registry.host | quote }}
71 | secretName: {{ $registry.secretName }}
72 | rules:
73 | - host: {{ $registry.host }}
74 | http:
75 | paths:
76 | - path: /
77 | pathType: Prefix
78 | backend:
79 | service:
80 | name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
81 | port:
82 | number: {{ $registry.port }}
83 | {{- end }} {{- /* range of nexus.docker.registries */ -}}
84 | {{- end }} {{- /* nexus.docker.enabled */ -}}
85 | {{- end }} {{- /* ingress.enabled */ -}}
86 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/README.md:
--------------------------------------------------------------------------------
1 |
15 | # ⚠️ Archive Notice
16 |
17 | As of February 9, 2024, we now provide one [HA/Resiliency Helm Chart](https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha) that supports both high availability and resilient deployments in AWS, Azure, or on-premises in a Kubernetes cluster. This is our only supported Helm chart for deploying Sonatype Nexus Repository; it requires a PostgreSQL database and a Pro license.
18 |
19 | # Helm Chart Instructions
20 |
21 | See the [HA/Resiliency Helm Chart in GitHub](https://github.com/sonatype/nxrm3-ha-repository/tree/main/nxrm-ha) for details on the new combined Helm chart.
22 | Detailed Help instructions are also available at the following locations:
23 | * [Single-Node Cloud Resilient Example Using AWS] (https://help.sonatype.com/en/single-node-cloud-resilient-deployment-example-using-aws.html)
24 | * [Single-Node Cloud Resilient Example Using Azure] (https://help.sonatype.com/en/single-node-cloud-resilient-deployment-example-using-azure.html)
25 | * [Single Data Center On-Premises Resilient Example Using Kubernetes] (https://help.sonatype.com/en/single-data-center-on-premises-deployment-example-using-kubernetes.html)
26 | * [High Availability Deployment in AWS] (https://help.sonatype.com/en/option-3---high-availability-deployment-in-amazon-web-services--aws-.html)
27 | * [High Availability Deployment in Azure] (https://help.sonatype.com/en/option-4---high-availability-deployment-in-azure.html)
28 | * [On-Premises High Availability Deployment Using Kubernetes] (https://help.sonatype.com/en/option-2---on-premises-high-availability-deployment-using-kubernetes.html)
29 | Detailed Help instructions are also available at the following locations:
30 | * [Single-Node Cloud Resilient Example Using AWS] (https://help.sonatype.com/en/single-node-cloud-resilient-deployment-example-using-aws.html)
31 | * [Single-Node Cloud Resilient Example Using Azure] (https://help.sonatype.com/en/single-node-cloud-resilient-deployment-example-using-azure.html)
32 | * [Single Data Center On-Premises Resilient Example Using Kubernetes] (https://help.sonatype.com/en/single-data-center-on-premises-deployment-example-using-kubernetes.html)
33 | * [High Availability Deployment in AWS] (https://help.sonatype.com/en/option-3---high-availability-deployment-in-amazon-web-services--aws-.html)
34 | * [High Availability Deployment in Azure] (https://help.sonatype.com/en/option-4---high-availability-deployment-in-azure.html)
35 | * [On-Premises High Availability Deployment Using Kubernetes] (https://help.sonatype.com/en/option-2---on-premises-high-availability-deployment-using-kubernetes.html)
36 |
--------------------------------------------------------------------------------
/Jenkinsfile-Release:
--------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) 2020-present Sonatype, Inc. All rights reserved.
3 | *
4 | * This program is licensed to you under the Apache License Version 2.0,
5 | * and you may not use this file except in compliance with the Apache License Version 2.0.
6 | * You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
7 | *
8 | * Unless required by applicable law or agreed to in writing,
9 | * software distributed under the Apache License Version 2.0 is distributed on an
10 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | * See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
12 | */
13 | @Library(['private-pipeline-library', 'jenkins-shared', 'nxrm-jenkins-shared']) _
14 |
15 | final jira = [
16 | versionPrefix: '', project: 'NEXUS', projectId: '12410',
17 | credentialId : 'jenkins-jira', autoRelease: true, failOnError: true
18 | ]
19 |
20 | properties([
21 | parameters([
22 | string(
23 | name: 'appVersion',
24 | description: 'Version of the application image, like "3.41.0"',
25 | ),
26 | string(
27 | name: 'chartVersion',
28 | description: '(Optional) Version of the Chart, like "41.0.0". If omitted, it will be calculated from the appVersion.',
29 | ),
30 | ])
31 | ])
32 |
33 | final chartVersion = calculateChartVersion(params.chartVersion, params.appVersion)
34 |
35 | dockerizedBuildPipeline(
36 | prepare: {
37 | if (! params.appVersion) {
38 | error('The appVersion is required.')
39 | }
40 | githubStatusUpdate('pending')
41 | },
42 | buildAndTest: {
43 | sonatypeZionGitConfig()
44 | runSafely "git checkout ${gitBranch(env)}"
45 | runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}"
46 | runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}"
47 | runSafely './build.sh'
48 | runSafely 'git add nxrm-aws-resiliency'
49 | runSafely 'git add nexus-repository-manager'
50 | },
51 | skipVulnerabilityScan: true,
52 | archiveArtifacts: 'docs/*',
53 | testResults: [],
54 | deployCondition: { true },
55 | deploy: {
56 | runSafely 'git add docs'
57 | runSafely "git commit -m 'Release Update for ${chartVersion}'"
58 |
59 | sshagent(credentials: [sonatypeZionCredentialsId()]) {
60 | runSafely 'git push'
61 | }
62 | },
63 | postDeploy: {
64 | // Create tags
65 | String tagName = "${chartVersion}"
66 | runSafely "git tag -a ${tagName} -m 'Release Update: ${chartVersion}'"
67 | sshagent(credentials: [sonatypeZionCredentialsId()]) {
68 | runSafely "git push origin ${tagName}"
69 | }
70 | },
71 | onSuccess: {
72 | nxrmBuildNotifications(currentBuild, env)
73 | },
74 | onFailure: {
75 | nxrmBuildNotifications(currentBuild, env)
76 | }
77 | )
78 |
79 | String calculateChartVersion(final String chartVersion, final String appVersion) {
80 | if (chartVersion) {
81 | return chartVersion
82 | }
83 |
84 | if (! appVersion) {
85 | error 'Failed to calculate chartVersion with no appVersion.'
86 | }
87 |
88 | final versionParts = parseVersionString(appVersion)
89 | final chartMajor = versionParts[1]
90 | final chartMinor = versionParts[2]
91 |
92 | if (! chartMajor || ! chartMinor) {
93 | error "Failed to calculate chartVersion from appVersion: ${appVersion}"
94 | }
95 |
96 | return [chartMajor, chartMinor, '0'].join('.')
97 | }
98 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 |
15 | # Reporting Security Vulnerabilities
16 |
17 | ## When to report
18 |
19 | First check
20 | [Important advisories of known security vulnerabilities in Sonatype products](https://support.sonatype.com/hc/en-us/sections/203012668-Security-Advisories)
21 | to see if this has been previously reported.
22 |
23 | ## How to report
24 |
25 | Please email reports regarding security related issues you find to [mailto:security@sonatype.com](security@sonatype.com).
26 |
27 | Use our public key below to keep your message safe.
28 |
29 | ## What to include
30 |
31 | Please use a descriptive subject line in your email report.
32 |
33 | Your name and/or affiliation.
34 |
35 | A detailed technical description of the vulnerability, attack scenario and where
36 | possible, how we can reproduce your findings.
37 |
38 | Provide us with a secure way to respond.
39 |
40 | ## What to expect
41 |
42 | Your email will be acknowledged within 1 - 2 business days, and you'll receive a
43 | more detailed response to your email within 7 business days.
44 |
45 | We ask that everyone please follow responsible disclosure practices and allow
46 | time for us to release a fix prior to public release.
47 |
48 | Once an issue is reported, Sonatype uses the following disclosure process:
49 |
50 | When a report is received, we confirm the issue and determine its severity.
51 |
52 | If third-party services or software require mitigation before publication, those
53 | projects will be notified.
54 |
55 | ## Our public key
56 |
57 | ```console
58 | -----BEGIN PUBLIC KEY BLOCK-----
59 | mQENBFF+a9ABCADQWSAAU7w9i71Zn3TQ6k7lT9x57cRdtX7V709oeN/c/1it+gCw
60 | onmmCyf4ypor6XcPSOasp/x0s3hVuf6YfMbI0tSwJUWWihrmoPGIXtmiSOotQE0Q
61 | Sav41xs3YyI9LzQB4ngZR/nhp4YhioD1dVorD6LGXk08rvl2ikoqHwTagbEXZJY7
62 | 3VYhW6JHbZTLwCsfyg6uaSYF1qXfUxHPOiHYKNbhK/tM3giX+9ld/7xi+9f4zEFQ
63 | eX9wcRTdgdDOAqDOK7MV30KXagSqvW0MgEYtKX6q4KjjRzBYjkiTdFW/yMXub/Bs
64 | 5UckxHTCuAmvpr5J0HIUeLtXi1QCkijyn8HJABEBAAG0KVNvbmF0eXBlIFNlY3Vy
65 | aXR5IDxzZWN1cml0eUBzb25hdHlwZS5jb20+iQE4BBMBAgAiBQJRfmvQAhsDBgsJ
66 | CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAgkmxsNtgwfUzbCACLtCgieq1kJOqo
67 | 2i136ND5ZOj31zIzNENLn8dhSg5zQwTHOcntWAtS8uCNq4fSlslwvlbPYWTLD7fE
68 | iJn1z7BCU8gBk+pkAJJFWEPweMVt+9bYQ4HfKceGbJeuwBBhS34SK9ZIp9gfxxfA
69 | oTm0aGYwKR5wH3sqL/mrhwKhPt9wXR4qwlE635STEX8wzJ5SBqf3ArJUtCp1rzgR
70 | Dx+DiZed5HE1pOI2Kyb6O80bm485WThPXxpvp3bfzTNYoGzeLi/F7WkmgggkXxsT
71 | Pyd0sSx0B/MO4lJtQvEBlIHDFno9mXa30fKl+rzp2geG5UxNHJUjaC5JhfWLEXEX
72 | wV0ErBsmuQENBFF+a9ABCADXj04+GLIz8VCaZH554nUHEhaKoiIXH3Tj7UiMZDqy
73 | o4WIw2RFaCQNA8T0R5Q0yxINU146JQMbA2SN59AGcGYZcajyEvTR7tLG0meMO6S0
74 | JWpkX7s3xaC0s+5SJ/ba00oHGzW0aotgzG9BWA5OniNHK7zZKMVu7M80M/wB1RvK
75 | x775hAeJ+8F9MDJ+ijydBtaOfDdkbg+0kU1xR6Io+vVLPk38ghlWU8QFP4/B0oWi
76 | jK4xiDqK6cG7kyH9kC9nau+ckH8MrJ/RzEpsc4GRwqS4IEnvHWe7XbgydWS1bCp6
77 | 8uP5ma3d02elQmSEa+PABIPKnZcAf1YKLr9O/+IzEdOhABEBAAGJAR8EGAECAAkF
78 | AlF+a9ACGwwACgkQIJJsbDbYMH3WzAf/XOm4YQZFOgG2h9d03m8me8d1vrYico+0
79 | pBYU9iCozLgamM4er9Efb+XzfLvNVKuqyR0cgvGszukIPQYeX58DMrZ07C+E0wDZ
80 | bG+ZAYXT5GqsHkSVnMCVIfyJNLjR4sbVzykyVtnccBL6bP3jxbCP1jJdT7bwiKre
81 | 1jQjvyoL0yIegdiN/oEdmx52Fqjt4NkQsp4sk625UBFTVISr22bnf60ZIGgrRbAP
82 | DU1XMdIrmqmhEEQcXMp4CeflDMksOmaIeAUkZY7eddnXMwQDJTnz5ziCal+1r0R3
83 | dh0XISRG0NkiLEXeGkrs7Sn7BAAsTsaH/1zU6YbvoWlMlHYT6EarFQ== =sFGt
84 | -----END PUBLIC KEY BLOCK-----
85 | ```
86 |
87 |
--------------------------------------------------------------------------------
/nexus-repository-manager/tests/deployment_test.yaml:
--------------------------------------------------------------------------------
1 | suite: deployment
2 | templates:
3 | - deployment.yaml
4 | - configmap-properties.yaml
5 | tests:
6 | - it: renders with defaults
7 | template: deployment.yaml
8 | asserts:
9 | - hasDocuments:
10 | count: 1
11 | - isKind:
12 | of: Deployment
13 | - equal:
14 | path: apiVersion
15 | value: apps/v1
16 | - equal:
17 | path: metadata.name
18 | value: RELEASE-NAME-nexus-repository-manager
19 | - matchRegex:
20 | path: metadata.labels.[app.kubernetes.io/name]
21 | pattern: nexus-repository-manager
22 | - matchRegex:
23 | path: metadata.labels.[app.kubernetes.io/version]
24 | pattern: 3\.\d+\.\d+
25 | - matchRegex:
26 | path: spec.template.metadata.annotations.[checksum/configmap-properties]
27 | pattern: .+
28 | - equal:
29 | path: spec.replicas
30 | value: 1
31 | - equal:
32 | path: spec.strategy.type
33 | value: Recreate
34 | - matchRegex:
35 | path: spec.template.spec.containers[0].image
36 | pattern: sonatype/nexus3:3\.\d+\.\d+
37 | - equal:
38 | path: spec.template.spec.containers[0].securityContext
39 | value:
40 | allowPrivilegeEscalation: false
41 | capabilities:
42 | drop:
43 | - ALL
44 | runAsNonRoot: true
45 | seccompProfile:
46 | type: RuntimeDefault
47 | - equal:
48 | path: spec.template.spec.containers[0].imagePullPolicy
49 | value: IfNotPresent
50 | - equal:
51 | path: spec.template.spec.containers[0].env
52 | value:
53 | - name: INSTALL4J_ADD_VM_PARAMS
54 | value: |-
55 | -Xms2703M -Xmx2703M
56 | -XX:MaxDirectMemorySize=2703M
57 | -XX:+UnlockExperimentalVMOptions
58 | -XX:+UseCGroupMemoryLimitForHeap
59 | -Djava.util.prefs.userRoot=/nexus-data/javaprefs
60 | - name: NEXUS_SECURITY_RANDOMPASSWORD
61 | value: "true"
62 | - equal:
63 | path: spec.template.spec.containers[0].ports
64 | value:
65 | - containerPort: 8081
66 | name: nexus-ui
67 | - equal:
68 | path: spec.template.spec.containers[0].livenessProbe
69 | value:
70 | failureThreshold: 6
71 | httpGet:
72 | path: /
73 | port: 8081
74 | initialDelaySeconds: 30
75 | periodSeconds: 30
76 | timeoutSeconds: 10
77 | - equal:
78 | path: spec.template.spec.containers[0].readinessProbe
79 | value:
80 | failureThreshold: 6
81 | httpGet:
82 | path: /
83 | port: 8081
84 | initialDelaySeconds: 30
85 | periodSeconds: 30
86 | timeoutSeconds: 10
87 | - equal:
88 | path: spec.template.spec.containers[0].volumeMounts
89 | value:
90 | - mountPath: /nexus-data
91 | name: nexus-repository-manager-data
92 | - equal:
93 | path: spec.template.spec.volumes
94 | value:
95 | - name: nexus-repository-manager-data
96 | persistentVolumeClaim:
97 | claimName: RELEASE-NAME-nexus-repository-manager-data
98 | - equal:
99 | path: spec.template.spec.securityContext
100 | value:
101 | fsGroup: 200
102 | runAsGroup: 200
103 | runAsUser: 200
104 |
105 | - it: should use our simple values
106 | template: deployment.yaml
107 | set:
108 | deploymentStrategy: my-strategy
109 | imagePullSecrets:
110 | - name: top-secret
111 | asserts:
112 | - hasDocuments:
113 | count: 1
114 | - equal:
115 | path: spec.strategy.type
116 | value: my-strategy
117 | - equal:
118 | path: spec.template.spec.imagePullSecrets
119 | value:
120 | - name: top-secret
121 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/values.yaml:
--------------------------------------------------------------------------------
1 | # Declare variables to be passed into your templates.
2 | namespaces:
3 | nexusNs: nexusrepo
4 | cloudwatchNs: amazon-cloudwatch
5 | externaldnsNs: nexus-externaldns
6 | externaldns:
7 | enabled: false
8 | domainFilter: example.com #your root domain e.g example.com
9 | awsZoneType: private # hosted zone to look at (valid values are public, private or no value for both)
10 | fluentbit:
11 | enabled: false
12 | deployment:
13 | clusterRegion: us-east-1
14 | name: nxrm.deployment
15 | clusterName: nxrm-nexus
16 | logsRegion: us-east-1
17 | fluentBitVersion: 2.28.0
18 | replicaCount: 1
19 | initContainer:
20 | image:
21 | repository: busybox
22 | tag: 1.33.1
23 | container:
24 | image:
25 | repository: sonatype/nexus3
26 | tag: 3.45.1
27 | containerPort: 8081
28 | pullPolicy: IfNotPresent
29 | env:
30 | nexusDBName: nexus
31 | nexusDBPort: 3306
32 | install4jAddVmParams: "-Xms2703m -Xmx2703m"
33 | requestLogContainer:
34 | image:
35 | repository: busybox
36 | tag: 1.33.1
37 | auditLogContainer:
38 | image:
39 | repository: busybox
40 | tag: 1.33.1
41 | taskLogContainer:
42 | image:
43 | repository: busybox
44 | tag: 1.33.1
45 | serviceAccount:
46 | name: nexus-repository-deployment-sa #This SA is created as part of steps under "AWS Secrets Manager"
47 | role: arn:aws:iam::000000000000:role/nxrm-nexus-role #Role with secretsmanager permissions
48 | externaldns:
49 | name: external-dns
50 | role: arn:aws:iam::000000000000:role/nexusrepo-external-dns-irsa-role #Role with route53 permissions needed by external-dns
51 | ingress:
52 | #host: "example.com" #host to apply this ingress rule to. Uncomment this in your values.yaml and set it as you wish
53 | annotations:
54 | kubernetes.io/ingress.class: alb
55 | alb.ingress.kubernetes.io/healthcheck-path: /service/rest/v1/status
56 | alb.ingress.kubernetes.io/scheme: internal # scheme
57 | alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids
58 | #alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' uncomment for https
59 | #alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment for https. The AWS Certificate Manager ARN for your HTTPS certificate
60 | dockerIngress: #Ingress for Docker Connector - comment out if you don't use docker repositories
61 | enabled: false
62 | annotations:
63 | kubernetes.io/ingress.class: alb # comment out if you don't use docker repositories
64 | alb.ingress.kubernetes.io/scheme: internal # scheme comment out if you don't use docker repositories
65 | alb.ingress.kubernetes.io/subnets: subnet-1,subnet-2 #comma separated list of subnet ids, comment out if you don't use docker repositories
66 | # alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' #uncomment if you use docker repositories
67 | # alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:0000000000000:certificate/00000000-1111-2222-3333-444444444444 # Uncomment if you use docker repositories - The AWS Certificate Manager ARN for your HTTPS certificate
68 | # external-dns.alpha.kubernetes.io/hostname: dockerrepo1.example.com, dockerrepo2.example.com, dockerrepo3.example.com # Add more docker subdomains using dockerrepoName.example.com othereise comment out if you don't use docker repositories
69 | workdir:
70 | configmap:
71 | name: create-nexus-workdir-config
72 | daemonset:
73 | name: create-nexus-work-dir
74 | storageClass:
75 | iopsPerGB: "10" #Note: aws plugin multiplies this by the size of the requested volumne to compute IOPS of the volumne and caps it a 20, 000 IOPS
76 | pv:
77 | storage: 120Gi
78 | volumeMode: Filesystem
79 | accessModes: ReadWriteOnce
80 | reclaimPolicy: Retain
81 | path: /nexus-repo-mgr-work-dir/work
82 | zones:
83 | zone1: us-east-1a
84 | zone2: us-east-1b
85 | pvc:
86 | accessModes: ReadWriteOnce
87 | storage: 100Gi
88 |
89 | service: #Nexus Repo NodePort Service
90 | nexus:
91 | type: NodePort
92 | protocol: TCP
93 | port: 80
94 | targetPort: 8081
95 | docker: #Nodeport Service for Docker Service
96 | enabled: false
97 | type: NodePort
98 | protocol: TCP
99 | port: 9090
100 | targetPort: 8081
101 | secret:
102 | license:
103 | arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrm-nexus-license
104 | alias: nxrm-license.lic
105 | rds:
106 | arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:nxrmrds-cred-nexus
107 | adminpassword:
108 | arn: arn:aws:secretsmanager:us-east-1:000000000000:secret:admin-nxrm-password
109 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}
5 | namespace: {{ .Values.namespaces.nexusNs }}
6 | labels:
7 | app: nxrm
8 | spec:
9 | replicas: 1
10 | selector:
11 | matchLabels:
12 | app: nxrm
13 | template:
14 | metadata:
15 | labels:
16 | app: nxrm
17 | spec:
18 | serviceAccountName: {{ .Values.serviceAccount.name }}
19 | initContainers:
20 | # chown nexus-data to 'nexus' user and init log directories/files for a new pod
21 | # otherwise the side car containers will crash a couple of times and backoff whilst waiting
22 | # for nxrm-app to start and this increases the total start up time.
23 | - name: chown-nexusdata-owner-to-nexus-and-init-log-dir
24 | image: {{ .Values.deployment.initContainer.image.repository }}:{{ .Values.deployment.initContainer.image.tag }}
25 | command: [/bin/sh]
26 | args:
27 | - -c
28 | - >-
29 | mkdir -p /nexus-data/etc/logback &&
30 | mkdir -p /nexus-data/log/tasks &&
31 | mkdir -p /nexus-data/log/audit &&
32 | touch -a /nexus-data/log/tasks/allTasks.log &&
33 | touch -a /nexus-data/log/audit/audit.log &&
34 | touch -a /nexus-data/log/request.log &&
35 | chown -R '200:200' /nexus-data
36 | volumeMounts:
37 | - name: nexusdata
38 | mountPath: /nexus-data
39 | containers:
40 | - name: nxrm-app
41 | image: {{ .Values.deployment.container.image.repository }}:{{ .Values.deployment.container.image.tag }}
42 | securityContext:
43 | runAsUser: 200
44 | imagePullPolicy: {{ .Values.deployment.container.pullPolicy }}
45 | ports:
46 | - containerPort: {{ .Values.deployment.container.containerPort }}
47 | env:
48 | - name: DB_NAME
49 | value: "{{ .Values.deployment.container.env.nexusDBName }}"
50 | - name: DB_PASSWORD
51 | valueFrom:
52 | secretKeyRef:
53 | name: nxrm-db-secret
54 | key: db-password
55 | - name: DB_USER
56 | valueFrom:
57 | secretKeyRef:
58 | name: nxrm-db-secret
59 | key: db-user
60 | - name: DB_HOST
61 | valueFrom:
62 | secretKeyRef:
63 | name: nxrm-db-secret
64 | key: db-host
65 | - name: NEXUS_SECURITY_INITIAL_PASSWORD
66 | valueFrom:
67 | secretKeyRef:
68 | name: nxrm-admin-secret
69 | key: nexus-admin-password
70 | - name: NEXUS_SECURITY_RANDOMPASSWORD
71 | value: "false"
72 | - name: INSTALL4J_ADD_VM_PARAMS
73 | value: "{{ .Values.deployment.container.env.install4jAddVmParams }} -Dnexus.licenseFile=/nxrm-secrets/{{ .Values.secret.license.alias }} \
74 | -Dnexus.datastore.enabled=true -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs \
75 | -Dnexus.datastore.nexus.jdbcUrl=jdbc:postgresql://${DB_HOST}:{{ .Values.deployment.container.env.nexusDBPort }}/${DB_NAME} \
76 | -Dnexus.datastore.nexus.username=${DB_USER} \
77 | -Dnexus.datastore.nexus.password=${DB_PASSWORD}"
78 | volumeMounts:
79 | - mountPath: /nxrm-secrets
80 | name: nxrm-secrets
81 | - name: nexusdata
82 | mountPath: /nexus-data
83 | - name: logback-tasklogfile-override
84 | mountPath: /nexus-data/etc/logback/logback-tasklogfile-appender-override.xml
85 | subPath: logback-tasklogfile-appender-override.xml
86 | - name: request-log
87 | image: {{ .Values.deployment.requestLogContainer.image.repository }}:{{ .Values.deployment.requestLogContainer.image.tag }}
88 | args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/request.log']
89 | volumeMounts:
90 | - name: nexusdata
91 | mountPath: /nexus-data
92 | - name: audit-log
93 | image: {{ .Values.deployment.auditLogContainer.image.repository }}:{{ .Values.deployment.auditLogContainer.image.tag }}
94 | args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/audit/audit.log']
95 | volumeMounts:
96 | - name: nexusdata
97 | mountPath: /nexus-data
98 | - name: tasks-log
99 | image: {{ .Values.deployment.taskLogContainer.image.repository }}:{{ .Values.deployment.taskLogContainer.image.tag }}
100 | args: [/bin/sh, -c, 'tail -n+1 -F /nexus-data/log/tasks/allTasks.log']
101 | volumeMounts:
102 | - name: nexusdata
103 | mountPath: /nexus-data
104 | volumes:
105 | - name: nexusdata
106 | persistentVolumeClaim:
107 | claimName: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-ebs-claim
108 | - name: nxrm-secrets
109 | csi:
110 | driver: secrets-store.csi.k8s.io
111 | readOnly: true
112 | volumeAttributes:
113 | secretProviderClass: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-secret
114 | fsType: ext4
115 | - name: logback-tasklogfile-override
116 | configMap:
117 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-logback-tasklogfile-override
118 | items:
119 | - key: logback-tasklogfile-appender-override.xml
120 | path: logback-tasklogfile-appender-override.xml
121 |
--------------------------------------------------------------------------------
/nexus-repository-manager/values.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | statefulset:
3 | # This is not supported
4 | enabled: false
5 | deploymentStrategy: Recreate
6 | image:
7 | # Sonatype Official Public Image
8 | repository: sonatype/nexus3
9 | tag: 3.64.0
10 | pullPolicy: IfNotPresent
11 | imagePullSecrets:
12 | # for image registries that require login, specify the name of the existing
13 | # kubernetes secret
14 | # - name:
15 |
16 | nexus:
17 | docker:
18 | enabled: false
19 | # registries:
20 | # - host: chart.local
21 | # port: 5000
22 | # secretName: registry-secret
23 | env:
24 | # minimum recommended memory settings for a small, person instance from
25 | # https://help.sonatype.com/repomanager3/product-information/system-requirements
26 | - name: INSTALL4J_ADD_VM_PARAMS
27 | value: |-
28 | -Xms2703M -Xmx2703M
29 | -XX:MaxDirectMemorySize=2703M
30 | -XX:+UnlockExperimentalVMOptions
31 | -XX:+UseCGroupMemoryLimitForHeap
32 | -Djava.util.prefs.userRoot=/nexus-data/javaprefs
33 | - name: NEXUS_SECURITY_RANDOMPASSWORD
34 | value: "true"
35 | properties:
36 | override: false
37 | data:
38 | nexus.scripts.allowCreation: true
39 | # See this article for ldap configuratioon options https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository-Manager
40 | # nexus.ldap.env.java.naming.security.authentication: simple
41 | # nodeSelector:
42 | # cloud.google.com/gke-nodepool: default-pool
43 | resources:
44 | # minimum recommended memory settings for a small, person instance from
45 | # https://help.sonatype.com/repomanager3/product-information/system-requirements
46 | # requests:
47 | # cpu: 4
48 | # memory: 8Gi
49 | # limits:
50 | # cpu: 4
51 | # memory: 8Gi
52 |
53 | # The ports should only be changed if the nexus image uses a different port
54 | nexusPort: 8081
55 |
56 | # Default the pods UID and GID to match the nexus3 container.
57 | # Customize or remove these values from the securityContext as appropriate for
58 | # your deployment environment.
59 | securityContext:
60 | runAsUser: 200
61 | runAsGroup: 200
62 | fsGroup: 200
63 | podAnnotations: {}
64 | livenessProbe:
65 | initialDelaySeconds: 30
66 | periodSeconds: 30
67 | failureThreshold: 6
68 | timeoutSeconds: 10
69 | path: /
70 | readinessProbe:
71 | initialDelaySeconds: 30
72 | periodSeconds: 30
73 | failureThreshold: 6
74 | timeoutSeconds: 10
75 | path: /
76 | # hostAliases allows the modification of the hosts file inside a container
77 | hostAliases: []
78 | # - ip: "192.168.1.10"
79 | # hostnames:
80 | # - "example.com"
81 | # - "www.example.com"
82 |
83 | nameOverride: ""
84 | fullnameOverride: ""
85 |
86 | deployment:
87 | # # Add annotations in deployment to enhance deployment configurations
88 | annotations: {}
89 | # # Add init containers. e.g. to be used to give specific permissions for nexus-data.
90 | # # Add your own init container or uncomment and modify the given example.
91 | initContainers:
92 | # - name: fmp-volume-permission
93 | # image: busybox
94 | # imagePullPolicy: IfNotPresent
95 | # command: ['chown','-R', '200', '/nexus-data']
96 | # volumeMounts:
97 | # - name: nexus-data
98 | # mountPath: /nexus-data
99 | # Uncomment and modify this to run a command after starting the nexus container.
100 | postStart:
101 | command: # '["/bin/sh", "-c", "ls"]'
102 | preStart:
103 | command: # '["/bin/rm", "-f", "/path/to/lockfile"]'
104 | terminationGracePeriodSeconds: 120
105 | additionalContainers:
106 | additionalVolumes:
107 | additionalVolumeMounts:
108 |
109 | ingress:
110 | enabled: false
111 | ingressClassName: nginx
112 | annotations:
113 | nginx.ingress.kubernetes.io/proxy-body-size: "0"
114 | hostPath: /
115 | hostRepo: repo.demo
116 | # tls:
117 | # - secretName: nexus-local-tls
118 | # hosts:
119 | # - repo.demo
120 |
121 |
122 | service:
123 | name: nexus3
124 | enabled: true
125 | labels: {}
126 | annotations: {}
127 | type: ClusterIP
128 |
129 |
130 | route:
131 | enabled: false
132 | name: docker
133 | portName: docker
134 | labels:
135 | annotations:
136 | # path: /docker
137 |
138 | nexusProxyRoute:
139 | enabled: false
140 | labels:
141 | annotations:
142 | # path: /nexus
143 |
144 | persistence:
145 | enabled: true
146 | accessMode: ReadWriteOnce
147 | ## If defined, storageClass:
148 | ## If set to "-", storageClass: "", which disables dynamic provisioning
149 | ## If undefined (the default) or set to null, no storageClass spec is
150 | ## set, choosing the default provisioner. (gp2 on AWS, standard on
151 | ## GKE, AWS & OpenStack)
152 | ##
153 | # existingClaim:
154 | # annotations:
155 | # "helm.sh/resource-policy": keep
156 | # storageClass: "-"
157 | storageSize: 8Gi
158 | # If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs.
159 | # pdName: nexus-data-disk
160 | # fsType: ext4
161 |
162 | tolerations: []
163 |
164 | # Enable configmap and add data in configmap
165 | config:
166 | enabled: false
167 | mountPath: /sonatype-nexus-conf
168 | data: []
169 |
170 | # # To use an additional secret, set enable to true and add data
171 | secret:
172 | enabled: false
173 | mountPath: /etc/secret-volume
174 | readOnly: true
175 | data: []
176 |
177 | serviceAccount:
178 | # Specifies whether a service account should be created
179 | create: true
180 | # Annotations to add to the service account
181 | annotations: {}
182 | # The name of the service account to use.
183 | # If not set and create is true, a name is generated using the fullname template
184 | name: ""
185 |
--------------------------------------------------------------------------------
/nexus-repository-manager/templates/deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1
2 | kind: Deployment
3 | metadata:
4 | name: {{ template "nexus.fullname" . }}
5 | labels:
6 | {{ include "nexus.labels" . | indent 4 }}
7 | {{- if .Values.nexus.extraLabels }}
8 | {{- with .Values.nexus.extraLabels }}
9 | {{ toYaml . | indent 4 }}
10 | {{- end }}
11 | {{- end }}
12 | {{- if .Values.deployment.annotations }}
13 | annotations:
14 | {{ toYaml .Values.deployment.annotations | nindent 4 }}
15 | {{- end }}
16 | spec:
17 | replicas: 1
18 | strategy:
19 | type: {{ .Values.deploymentStrategy }}
20 | selector:
21 | matchLabels:
22 | {{- include "nexus.selectorLabels" . | nindent 6 }}
23 | {{- if .Values.nexus.extraSelectorLabels }}
24 | {{- with .Values.nexus.extraSelectorLabels }}
25 | {{ toYaml . | indent 6 }}
26 | {{- end }}
27 | {{- end }}
28 | template:
29 | metadata:
30 | annotations:
31 | checksum/configmap-properties: {{ include (print .Template.BasePath "/configmap-properties.yaml") $ | sha256sum }}
32 | {{- if .Values.nexus.podAnnotations }}
33 | {{ toYaml .Values.nexus.podAnnotations | nindent 8}}
34 | {{- end }}
35 | labels:
36 | {{- include "nexus.selectorLabels" . | nindent 8 }}
37 | spec:
38 | serviceAccountName: {{ include "nexus.serviceAccountName" . }}
39 | {{- if .Values.deployment.initContainers }}
40 | initContainers:
41 | {{ toYaml .Values.deployment.initContainers | nindent 6 }}
42 | {{- end }}
43 | {{- if .Values.nexus.nodeSelector }}
44 | nodeSelector:
45 | {{ toYaml .Values.nexus.nodeSelector | nindent 8 }}
46 | {{- end }}
47 | {{- if .Values.nexus.hostAliases }}
48 | hostAliases:
49 | {{ toYaml .Values.nexus.hostAliases | nindent 8 }}
50 | {{- end }}
51 | {{- with .Values.imagePullSecrets }}
52 | imagePullSecrets:
53 | {{- toYaml . | nindent 8 }}
54 | {{- end }}
55 | {{- if .Values.deployment.terminationGracePeriodSeconds }}
56 | terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }}
57 | {{- end }}
58 | containers:
59 | - name: {{ .Chart.Name }}
60 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
61 | imagePullPolicy: {{ .Values.image.pullPolicy }}
62 | securityContext:
63 | allowPrivilegeEscalation: false
64 | runAsNonRoot: true
65 | seccompProfile:
66 | type: RuntimeDefault
67 | capabilities:
68 | drop:
69 | - ALL
70 | lifecycle:
71 | {{- if .Values.deployment.postStart.command }}
72 | postStart:
73 | exec:
74 | command: {{ .Values.deployment.postStart.command }}
75 | {{- end }}
76 | env:
77 | {{ toYaml .Values.nexus.env | nindent 12 }}
78 | envFrom:
79 | {{ toYaml .Values.nexus.envFrom | nindent 12 }}
80 | resources:
81 | {{ toYaml .Values.nexus.resources | nindent 12 }}
82 | ports:
83 | - name: nexus-ui
84 | containerPort: {{ .Values.nexus.nexusPort }}
85 | {{- if .Values.nexus.docker.enabled }}
86 | {{- range .Values.nexus.docker.registries }}
87 | - name: docker-{{ .port }}
88 | containerPort: {{ .port }}
89 | {{- end }}
90 | {{- end }}
91 | livenessProbe:
92 | httpGet:
93 | path: {{ .Values.nexus.livenessProbe.path }}
94 | port: {{ .Values.nexus.nexusPort }}
95 | initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }}
96 | periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }}
97 | failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }}
98 | {{- if .Values.nexus.livenessProbe.timeoutSeconds }}
99 | timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }}
100 | {{- end }}
101 | readinessProbe:
102 | httpGet:
103 | path: {{ .Values.nexus.readinessProbe.path }}
104 | port: {{ .Values.nexus.nexusPort }}
105 | initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }}
106 | periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }}
107 | failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }}
108 | {{- if .Values.nexus.readinessProbe.timeoutSeconds }}
109 | timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }}
110 | {{- end }}
111 | volumeMounts:
112 | - mountPath: /nexus-data
113 | name: {{ template "nexus.name" . }}-data
114 | {{- if .Values.config.enabled }}
115 | - mountPath: {{ .Values.config.mountPath }}
116 | name: {{ template "nexus.name" . }}-conf
117 | {{- end }}
118 | {{- if .Values.nexus.properties.override }}
119 | - mountPath: /nexus-data/etc/nexus.properties
120 | name: {{ template "nexus.name" . }}-properties
121 | subPath: nexus.properties
122 | {{- end }}
123 | {{- if .Values.secret.enabled }}
124 | - mountPath: {{ .Values.secret.mountPath }}
125 | name: {{ template "nexus.name" . }}-secret
126 | readOnly: {{ .Values.secret.readOnly }}
127 | {{- end }}
128 | {{- if .Values.deployment.additionalVolumeMounts}}
129 | {{ toYaml .Values.deployment.additionalVolumeMounts | nindent 12 }}
130 | {{- end }}
131 | {{- if .Values.deployment.additionalContainers }}
132 | {{ toYaml .Values.deployment.additionalContainers | nindent 8 }}
133 | {{- end }}
134 | {{- if .Values.nexus.securityContext }}
135 | securityContext:
136 | {{ toYaml .Values.nexus.securityContext | nindent 8 }}
137 | {{- end }}
138 | volumes:
139 | - name: {{ template "nexus.name" . }}-data
140 | {{- if .Values.persistence.enabled }}
141 | persistentVolumeClaim:
142 | claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }}
143 | {{- else }}
144 | emptyDir: {}
145 | {{- end }}
146 | {{- if .Values.config.enabled }}
147 | - name: {{ template "nexus.name" . }}-conf
148 | configMap:
149 | name: {{ template "nexus.name" . }}-conf
150 | {{- end }}
151 | {{- if .Values.nexus.properties.override }}
152 | - name: {{ template "nexus.name" . }}-properties
153 | configMap:
154 | name: {{ template "nexus.name" . }}-properties
155 | items:
156 | - key: nexus.properties
157 | path: nexus.properties
158 | {{- end }}
159 | {{- if .Values.secret.enabled }}
160 | - name: {{ template "nexus.name" . }}-secret
161 | secret:
162 | secretName: {{ template "nexus.name" . }}-secret
163 | {{- end }}
164 | {{- if .Values.deployment.additionalVolumes }}
165 | {{ toYaml .Values.deployment.additionalVolumes | nindent 8 }}
166 | {{- end }}
167 | {{- with .Values.tolerations }}
168 | tolerations:
169 | {{ toYaml . | nindent 8 }}
170 | {{- end }}
171 |
--------------------------------------------------------------------------------
/nexus-repository-manager/tests/ingress_test.yaml:
--------------------------------------------------------------------------------
1 | ---
2 | suite: ingress
3 | templates:
4 | - ingress.yaml
5 | tests:
6 | - it: renders with defaults
7 | set:
8 | ingress:
9 | enabled: true
10 | asserts:
11 | - hasDocuments:
12 | count: 1
13 | - isKind:
14 | of: Ingress
15 | - equal:
16 | path: apiVersion
17 | value: networking.k8s.io/v1
18 | - equal:
19 | path: metadata.labels.[app.kubernetes.io/instance]
20 | value: RELEASE-NAME
21 | - equal:
22 | path: metadata.labels.[app.kubernetes.io/managed-by]
23 | value: Helm
24 | - matchRegex:
25 | path: metadata.labels.[app.kubernetes.io/version]
26 | pattern: \d+\.\d+\.\d+
27 | - matchRegex:
28 | path: metadata.labels.[helm.sh/chart]
29 | pattern: nexus-repository-manager-\d+\.\d+\.\d+
30 | - equal:
31 | path: metadata.labels.[app.kubernetes.io/name]
32 | value: nexus-repository-manager
33 | - equal:
34 | path: metadata.annotations
35 | value:
36 | nginx.ingress.kubernetes.io/proxy-body-size: "0"
37 |
38 | - documentIndex: 0
39 | equal:
40 | path: metadata.name
41 | value: RELEASE-NAME-nexus-repository-manager
42 | - documentIndex: 0
43 | equal:
44 | path: spec
45 | value:
46 | ingressClassName: nginx
47 | rules:
48 | - host: repo.demo
49 | http:
50 | paths:
51 | - path: /
52 | pathType: Prefix
53 | backend:
54 | service:
55 | name: RELEASE-NAME-nexus-repository-manager
56 | port:
57 | number: 8081
58 | - it: renders a second docker ingress
59 | set:
60 | ingress:
61 | enabled: true
62 | nexus:
63 | docker:
64 | enabled: true
65 | registries:
66 | - host: docker.repo.demo
67 | port: 5000
68 | secretName: registry-secret
69 | asserts:
70 | - hasDocuments:
71 | count: 2
72 | - isKind:
73 | of: Ingress
74 | - equal:
75 | path: apiVersion
76 | value: networking.k8s.io/v1
77 | - equal:
78 | path: metadata.labels.[app.kubernetes.io/instance]
79 | value: RELEASE-NAME
80 | - equal:
81 | path: metadata.labels.[app.kubernetes.io/managed-by]
82 | value: Helm
83 | - matchRegex:
84 | path: metadata.labels.[app.kubernetes.io/version]
85 | pattern: \d+\.\d+\.\d+
86 | - matchRegex:
87 | path: metadata.labels.[helm.sh/chart]
88 | pattern: nexus-repository-manager-\d+\.\d+\.\d+
89 | - equal:
90 | path: metadata.labels.[app.kubernetes.io/name]
91 | value: nexus-repository-manager
92 | - equal:
93 | path: metadata.annotations
94 | value:
95 | nginx.ingress.kubernetes.io/proxy-body-size: "0"
96 |
97 | - documentIndex: 0
98 | equal:
99 | path: metadata.name
100 | value: RELEASE-NAME-nexus-repository-manager
101 | - documentIndex: 0
102 | equal:
103 | path: spec
104 | value:
105 | ingressClassName: nginx
106 | rules:
107 | - host: repo.demo
108 | http:
109 | paths:
110 | - path: /
111 | pathType: Prefix
112 | backend:
113 | service:
114 | name: RELEASE-NAME-nexus-repository-manager
115 | port:
116 | number: 8081
117 | - documentIndex: 1
118 | equal:
119 | path: metadata.name
120 | value: RELEASE-NAME-nexus-repository-manager-docker-5000
121 | - documentIndex: 1
122 | equal:
123 | path: spec
124 | value:
125 | ingressClassName: nginx
126 | rules:
127 | - host: docker.repo.demo
128 | http:
129 | paths:
130 | - path: /
131 | pathType: Prefix
132 | backend:
133 | service:
134 | name: RELEASE-NAME-nexus-repository-manager-docker-5000
135 | port:
136 | number: 5000
137 | tls:
138 | - hosts:
139 | - docker.repo.demo
140 | secretName: registry-secret
141 | - it: we can exclude ingressClassName for repo ingress and docker ingress
142 | set:
143 | ingress:
144 | enabled: true
145 | ingressClassName: {}
146 | nexus:
147 | docker:
148 | enabled: true
149 | registries:
150 | - host: docker.repo.demo
151 | port: 5000
152 | secretName: registry-secret
153 | asserts:
154 | - hasDocuments:
155 | count: 2
156 | - isKind:
157 | of: Ingress
158 | - equal:
159 | path: apiVersion
160 | value: networking.k8s.io/v1
161 | - equal:
162 | path: metadata.labels.[app.kubernetes.io/instance]
163 | value: RELEASE-NAME
164 | - equal:
165 | path: metadata.labels.[app.kubernetes.io/managed-by]
166 | value: Helm
167 | - matchRegex:
168 | path: metadata.labels.[app.kubernetes.io/version]
169 | pattern: \d+\.\d+\.\d+
170 | - matchRegex:
171 | path: metadata.labels.[helm.sh/chart]
172 | pattern: nexus-repository-manager-\d+\.\d+\.\d+
173 | - equal:
174 | path: metadata.labels.[app.kubernetes.io/name]
175 | value: nexus-repository-manager
176 | - equal:
177 | path: metadata.annotations
178 | value:
179 | nginx.ingress.kubernetes.io/proxy-body-size: "0"
180 |
181 | - documentIndex: 0
182 | equal:
183 | path: metadata.name
184 | value: RELEASE-NAME-nexus-repository-manager
185 | - documentIndex: 0
186 | equal:
187 | path: spec
188 | value:
189 | rules:
190 | - host: repo.demo
191 | http:
192 | paths:
193 | - path: /
194 | pathType: Prefix
195 | backend:
196 | service:
197 | name: RELEASE-NAME-nexus-repository-manager
198 | port:
199 | number: 8081
200 | - documentIndex: 1
201 | equal:
202 | path: metadata.name
203 | value: RELEASE-NAME-nexus-repository-manager-docker-5000
204 | - documentIndex: 1
205 | equal:
206 | path: spec
207 | value:
208 | rules:
209 | - host: docker.repo.demo
210 | http:
211 | paths:
212 | - path: /
213 | pathType: Prefix
214 | backend:
215 | service:
216 | name: RELEASE-NAME-nexus-repository-manager-docker-5000
217 | port:
218 | number: 5000
219 | tls:
220 | - hosts:
221 | - docker.repo.demo
222 | secretName: registry-secret
223 | - it: is disabled by default
224 | asserts:
225 | - hasDocuments:
226 | count: 0
227 |
228 | - it: renders with tls config when provided
229 | set:
230 | ingress:
231 | enabled: true
232 | tls:
233 | - secretName: nexus-tls-local
234 | hosts:
235 | - repo.host
236 | asserts:
237 | - equal:
238 | path: spec.tls
239 | value:
240 | - secretName: nexus-tls-local
241 | hosts:
242 | - repo.host
243 |
--------------------------------------------------------------------------------
/nxrm-aws-resiliency/templates/fluent-bit.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.fluentbit.enabled -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-fluent-bit
6 | namespace: {{ .Values.namespaces.cloudwatchNs }}
7 | ---
8 | apiVersion: rbac.authorization.k8s.io/v1
9 | kind: ClusterRole
10 | metadata:
11 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-fluent-bit-role
12 | rules:
13 | - nonResourceURLs:
14 | - /metrics
15 | verbs:
16 | - get
17 | - apiGroups: [""]
18 | resources:
19 | - namespaces
20 | - pods
21 | - pods/logs
22 | verbs: ["get", "list", "watch"]
23 | ---
24 | apiVersion: rbac.authorization.k8s.io/v1
25 | kind: ClusterRoleBinding
26 | metadata:
27 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-fluent-bit-role-binding
28 | roleRef:
29 | apiGroup: rbac.authorization.k8s.io
30 | kind: ClusterRole
31 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-fluent-bit-role
32 | subjects:
33 | - kind: ServiceAccount
34 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-fluent-bit
35 | namespace: {{ .Values.namespaces.cloudwatchNs }}
36 | ---
37 | apiVersion: v1
38 | kind: ConfigMap
39 | metadata:
40 | name: fluent-bit-cluster-info
41 | namespace: {{ .Values.namespaces.cloudwatchNs }}
42 | data:
43 | cluster.name: {{ .Values.deployment.clusterName }}
44 | http.server: "On"
45 | http.port: "2020"
46 | read.head: "Off"
47 | read.tail: "On"
48 | logs.region: {{ .Values.deployment.logsRegion }}
49 | ---
50 | apiVersion: v1
51 | kind: ConfigMap
52 | metadata:
53 | name: {{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-fluent-bit-config
54 | namespace: {{ .Values.namespaces.cloudwatchNs }}
55 | labels:
56 | k8s-app: fluent-bit
57 | data:
58 | fluent-bit.conf: |
59 | [SERVICE]
60 | Flush 5
61 | Log_Level info
62 | Daemon off
63 | Parsers_File parsers.conf
64 | HTTP_Server ${HTTP_SERVER}
65 | HTTP_Listen 0.0.0.0
66 | HTTP_Port ${HTTP_PORT}
67 | storage.path /var/fluent-bit/state/flb-storage/
68 | storage.sync normal
69 | storage.checksum off
70 | storage.backlog.mem_limit 5M
71 |
72 | @INCLUDE nexus-log.conf
73 | @INCLUDE nexus-request-log.conf
74 | @INCLUDE nexus-audit-log.conf
75 | @INCLUDE nexus-tasks-log.conf
76 |
77 | nexus-log.conf: |
78 | [INPUT]
79 | Name tail
80 | Tag nexus.nexus-log
81 | Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_nxrm-app-*.log
82 | Parser docker
83 | DB /var/fluent-bit/state/flb_container.db
84 | Mem_Buf_Limit 5MB
85 | Skip_Long_Lines Off
86 | Refresh_Interval 10
87 | Rotate_Wait 30
88 | storage.type filesystem
89 | Read_from_Head ${READ_FROM_HEAD}
90 |
91 | [FILTER]
92 | Name kubernetes
93 | Match nexus.nexus-log
94 | Kube_URL https://kubernetes.default.svc:443
95 | Kube_Tag_Prefix application.var.log.containers.
96 | Merge_Log On
97 | Merge_Log_Key log_processed
98 | K8S-Logging.Parser On
99 | K8S-Logging.Exclude Off
100 | Labels Off
101 | Annotations Off
102 |
103 | [OUTPUT]
104 | Name cloudwatch_logs
105 | Match nexus.nexus-log
106 | region ${AWS_REGION}
107 | log_group_name /aws/containerinsights/${CLUSTER_NAME}/nexus-logs
108 | log_stream_prefix ${HOST_NAME}-nexus.log-
109 | auto_create_group true
110 | extra_user_agent container-insights
111 |
112 | nexus-request-log.conf: |
113 | [INPUT]
114 | Name tail
115 | Tag nexus.request-log
116 | Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_request-log-*.log
117 | Parser docker
118 | DB /var/fluent-bit/state/flb_container.db
119 | Mem_Buf_Limit 5MB
120 | Skip_Long_Lines Off
121 | Refresh_Interval 10
122 | Rotate_Wait 30
123 | storage.type filesystem
124 | Read_from_Head ${READ_FROM_HEAD}
125 |
126 | [FILTER]
127 | Name kubernetes
128 | Match nexus.request-log
129 | Kube_URL https://kubernetes.default.svc:443
130 | Kube_Tag_Prefix application.var.log.containers.
131 | Merge_Log On
132 | Merge_Log_Key log_processed
133 | K8S-Logging.Parser On
134 | K8S-Logging.Exclude Off
135 | Labels Off
136 | Annotations Off
137 |
138 | [OUTPUT]
139 | Name cloudwatch_logs
140 | Match nexus.request-log
141 | region ${AWS_REGION}
142 | log_group_name /aws/containerinsights/${CLUSTER_NAME}/nexus-logs
143 | log_stream_prefix ${HOST_NAME}-request.log-
144 | auto_create_group true
145 | extra_user_agent container-insights
146 |
147 | nexus-audit-log.conf: |
148 | [INPUT]
149 | Name tail
150 | Tag nexus.audit-log
151 | Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_audit-log-*.log
152 | Parser docker
153 | DB /var/fluent-bit/state/flb_container.db
154 | Mem_Buf_Limit 5MB
155 | Skip_Long_Lines Off
156 | Refresh_Interval 10
157 | Rotate_Wait 30
158 | storage.type filesystem
159 | Read_from_Head ${READ_FROM_HEAD}
160 |
161 | [FILTER]
162 | Name kubernetes
163 | Match nexus.audit-log
164 | Kube_URL https://kubernetes.default.svc:443
165 | Kube_Tag_Prefix application.var.log.containers.
166 | Merge_Log On
167 | Merge_Log_Key log_processed
168 | K8S-Logging.Parser On
169 | K8S-Logging.Exclude Off
170 | Labels Off
171 | Annotations Off
172 |
173 | [OUTPUT]
174 | Name cloudwatch_logs
175 | Match nexus.audit-log
176 | region ${AWS_REGION}
177 | log_group_name /aws/containerinsights/${CLUSTER_NAME}/nexus-logs
178 | log_stream_prefix ${HOST_NAME}-audit.log-
179 | auto_create_group true
180 | extra_user_agent container-insights
181 |
182 | nexus-tasks-log.conf: |
183 | [INPUT]
184 | Name tail
185 | Tag nexus.tasks-log
186 | Path /var/log/containers/{{ .Chart.Name }}-{{ .Chart.Version }}.{{ .Release.Name }}-{{ .Values.deployment.name }}*{{ .Values.namespaces.nexusNs }}_tasks-log-*.log
187 | Parser docker
188 | DB /var/fluent-bit/state/flb_container.db
189 | Mem_Buf_Limit 5MB
190 | Skip_Long_Lines Off
191 | Refresh_Interval 10
192 | Rotate_Wait 30
193 | storage.type filesystem
194 | Read_from_Head ${READ_FROM_HEAD}
195 |
196 | [FILTER]
197 | Name kubernetes
198 | Match nexus.tasks-log
199 | Kube_URL https://kubernetes.default.svc:443
200 | Kube_Tag_Prefix application.var.log.containers.
201 | Merge_Log On
202 | Merge_Log_Key log_processed
203 | K8S-Logging.Parser On
204 | K8S-Logging.Exclude Off
205 | Labels Off
206 | Annotations Off
207 |
208 | [OUTPUT]
209 | Name cloudwatch_logs
210 | Match nexus.tasks-log
211 | region ${AWS_REGION}
212 | log_group_name /aws/containerinsights/${CLUSTER_NAME}/nexus-logs
213 | log_stream_prefix ${HOST_NAME}-tasks.log-
214 | auto_create_group true
215 | extra_user_agent container-insights
216 |
217 | parsers.conf: |
218 | [PARSER]
219 | Name docker
220 | Format json
221 | Time_Key time
222 | Time_Format %Y-%m-%dT%H:%M:%S.%LZ
223 |
224 | [PARSER]
225 | Name syslog
226 | Format regex
227 | Regex ^(?