From 8123c3db213dd90eb57a3a39fe4e02f387f6b96a Mon Sep 17 00:00:00 2001 
From: spryhoda Date: Tue, 13 Sep 2022 15:33:07 +0300 Subject: [PATCH] NEXUS-34974 Publish nxrm helm charts to Sonatype helm repo and Artifact Hub --- Jenkinsfile-Release | 4 +- build.sh | 4 +- nexus-repository-manager/.helmignore | 24 ++ nexus-repository-manager/Chart.yaml | 40 +++ nexus-repository-manager/LICENSE | 13 + nexus-repository-manager/README.md | 212 +++++++++++++++ nexus-repository-manager/templates/NOTES.txt | 27 ++ .../templates/_helpers.tpl | 63 +++++ .../templates/configmap-properties.yaml | 17 ++ .../templates/configmap.yaml | 15 ++ .../templates/deployment.yaml | 163 ++++++++++++ .../templates/ingress.yaml | 85 ++++++ .../templates/proxy-route.yaml | 23 ++ nexus-repository-manager/templates/pv.yaml | 26 ++ nexus-repository-manager/templates/pvc.yaml | 30 +++ nexus-repository-manager/templates/route.yaml | 27 ++ .../templates/secret.yaml | 15 ++ .../templates/service.yaml | 66 +++++ .../templates/serviceaccount.yaml | 15 ++ .../templates/test/test-check-logs.yaml | 25 ++ .../templates/test/test-connection.yaml | 15 ++ .../tests/deployment_test.yaml | 113 ++++++++ .../tests/ingress_test.yaml | 242 ++++++++++++++++++ nexus-repository-manager/values.yaml | 184 +++++++++++++ 24 files changed, 1444 insertions(+), 4 deletions(-) create mode 100644 nexus-repository-manager/.helmignore create mode 100644 nexus-repository-manager/Chart.yaml create mode 100644 nexus-repository-manager/LICENSE create mode 100644 nexus-repository-manager/README.md create mode 100644 nexus-repository-manager/templates/NOTES.txt create mode 100644 nexus-repository-manager/templates/_helpers.tpl create mode 100644 nexus-repository-manager/templates/configmap-properties.yaml create mode 100644 nexus-repository-manager/templates/configmap.yaml create mode 100644 nexus-repository-manager/templates/deployment.yaml create mode 100644 nexus-repository-manager/templates/ingress.yaml create mode 100644 nexus-repository-manager/templates/proxy-route.yaml create mode 100644 
nexus-repository-manager/templates/pv.yaml create mode 100644 nexus-repository-manager/templates/pvc.yaml create mode 100644 nexus-repository-manager/templates/route.yaml create mode 100644 nexus-repository-manager/templates/secret.yaml create mode 100644 nexus-repository-manager/templates/service.yaml create mode 100644 nexus-repository-manager/templates/serviceaccount.yaml create mode 100644 nexus-repository-manager/templates/test/test-check-logs.yaml create mode 100644 nexus-repository-manager/templates/test/test-connection.yaml create mode 100644 nexus-repository-manager/tests/deployment_test.yaml create mode 100644 nexus-repository-manager/tests/ingress_test.yaml create mode 100644 nexus-repository-manager/values.yaml diff --git a/Jenkinsfile-Release b/Jenkinsfile-Release index 8d0a231..139172e 100644 --- a/Jenkinsfile-Release +++ b/Jenkinsfile-Release @@ -42,11 +42,11 @@ dockerizedBuildPipeline( buildAndTest: { sonatypeZionGitConfig() runSafely "git checkout ${gitBranch(env)}" - //runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}" + runSafely "./upgrade.sh ./nexus-repository-manager ${chartVersion} ${params.appVersion}" runSafely "./upgrade.sh ./nxrm-aws-resiliency ${chartVersion} ${params.appVersion}" runSafely './build.sh' runSafely 'git add nxrm-aws-resiliency' - //runSafely 'git add nexus-repository-manager' + runSafely 'git add nexus-repository-manager' }, skipVulnerabilityScan: true, archiveArtifacts: 'docs/*', diff --git a/build.sh b/build.sh index c7997d2..69c3c8e 100755 --- a/build.sh +++ b/build.sh @@ -18,7 +18,7 @@ set -e # lint yaml of charts helm lint ./nxrm-aws-resiliency -#helm lint ./nexus-repository-manager +helm lint ./nexus-repository-manager # unit test #(cd ./nxrm-aws-resiliency; helm unittest -3 -t junit -o test-output.xml .) 
@@ -26,4 +26,4 @@ helm lint ./nxrm-aws-resiliency # package the charts into tgz archives helm package ./nxrm-aws-resiliency --destination docs -#helm package ./nexus-repository-manager --destination docs +helm package ./nexus-repository-manager --destination docs diff --git a/nexus-repository-manager/.helmignore b/nexus-repository-manager/.helmignore new file mode 100644 index 0000000..9301b24 --- /dev/null +++ b/nexus-repository-manager/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS +*.tar diff --git a/nexus-repository-manager/Chart.yaml b/nexus-repository-manager/Chart.yaml new file mode 100644 index 0000000..5bf2978 --- /dev/null +++ b/nexus-repository-manager/Chart.yaml 
@@ -0,0 +1,40 @@
+apiVersion: v2
+name: nexus-repository-manager
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 41.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 3.41.1
+
+description: Sonatype Nexus Repository Manager - Universal Binary repository
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+keywords:
+ - artifacts
+ - dependency
+ - management
+ - sonatype
+ - nexus
+ - repository
+ - quickstart
+ - ci
+ - repository-manager
+ - nexus3
+home: https://www.sonatype.com/nexus-repository-oss
+icon: https://sonatype.github.io/helm3-charts/NexusRepo_Vertical.svg
+sources:
+ - https://github.com/sonatype/nexus-public
+maintainers:
+ - email: support@sonatype.com
+ name: Sonatype
diff --git a/nexus-repository-manager/LICENSE b/nexus-repository-manager/LICENSE
new file mode 100644
index 0000000..84cbff0
--- /dev/null
+++ b/nexus-repository-manager/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2020-present Sonatype, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/nexus-repository-manager/README.md b/nexus-repository-manager/README.md
new file mode 100644
index 0000000..e0979f2
--- /dev/null
+++ b/nexus-repository-manager/README.md
@@ -0,0 +1,212 @@ +# Nexus Repository + +[Nexus Repository OSS](https://www.sonatype.com/nexus-repository-oss) provides universal support for all major build tools. + +- Store and distribute Maven/Java, npm, NuGet, Helm, Docker, p2, OBR, APT, Go, R, Conan components and more. +- Manage components from dev through delivery: binaries, containers, assemblies, and finished goods. +- Support for the Java Virtual Machine (JVM) ecosystem, including Gradle, Ant, Maven, and Ivy. +- Compatible with popular tools like Eclipse, IntelliJ, Hudson, Jenkins, Puppet, Chef, Docker, and more. + +*Efficiency and Flexibility to Empower Development Teams* + +- Streamline productivity by sharing components internally. +- Gain insight into component security, license, and quality issues. +- Build off-line with remote package availability. +- Integrate with industry-leading build tools. +--- + +## Introduction + +This chart installs a single Nexus Repository instance within a Kubernetes cluster that has a single node (server) configured. It is not appropriate for a resilient Nexus Repository deployment. Refer to our [resiliency documentation](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability) for information about resilient Nexus Repository deployment options. + +Use the checklist below to determine if this Helm chart is suitable for your deployment needs. + +### When to Use This Helm Chart +Use this Helm chart if you are doing any of the following: +- Deploying either Nexus Repository Pro or OSS to an on-premises environment with bare metal/VM server (Node) +- Deploying a single Nexus Repository instance within a Kubernetes cluster that has a single Node configured + +> **Note**: If you are using Nexus Repository Pro, your license file and embedded database will reside on the node and be mounted on the container as a Persistent Volume (required). 
+ + +### When Not to Use This Helm Chart +Do not use this Helm chart and, instead, refer to our [resiliency documentation](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability) if you are doing any of the following: + +- Deploying Nexus Repository Pro to a cloud environment with the desire for automatic failover across Availability Zones (AZs) within a single region +- Planning to configure a single Nexus Repository Pro instance within your Kubernetes/EKS cluster with two or more nodes spread across different AZs within an AWS region +- Using an external PostgreSQL database + +> **Note**: A Nexus Repository Pro license is required for our resilient deployment options. Your Nexus Repository Pro license file must be stored externally as either mounted from AWS Secrets/Azure Key Vault in AWS/Azure deployments or mounted using Kustomize for on-premises deployments (required). + +> **Note**: We do not currently provide Helm charts for our resilient deployment options. + +--- + +## Prerequisites for This Chart + +- Kubernetes 1.19+ +- PV provisioner support in the underlying infrastructure +- Helm 3 + +### With Open Docker Image + +By default, this Chart uses Sonatype's Public Docker image. If you want to use a different image, run with the following: `--set nexus.imageName=/`. 
+ +## Adding the Sonatype Repository to your Helm + +To add as a Helm Repo +```helm repo add sonatype https://sonatype.github.io/helm3-charts/``` + +--- + +## Testing the Chart +To test the chart, use the following: +```bash +$ helm install --dry-run --debug --generate-name ./ +``` +To test the chart with your own values, use the following: +```bash +$ helm install --dry-run --debug --generate-name -f myvalues.yaml ./ +``` + +--- + +## Installing the Chart + +To install the chart, use the following: + +```bash +$ helm install nexus-rm sonatype/nexus-repository-manager [ --version v29.2.0 ] +``` + +The above command deploys Nexus Repository on the Kubernetes cluster in the default configuration. + +You can pass custom configuration values as follows: + +```bash +$ helm install -f myvalues.yaml sonatype-nexus ./ +``` + +The default login is randomized and can be found in `/nexus-data/admin.password` or you can get the initial static passwords (admin/admin123) +by setting the environment variable `NEXUS_SECURITY_RANDOMPASSWORD` to `false` in your `values.yaml`. + +--- + +## Uninstalling the Chart + +To uninstall/delete the deployment, use the following: + +```bash +$ helm list +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +plinking-gopher default 1 2021-03-10 15:44:57.301847 -0800 PST deployed nexus-repository-manager-29.2.0 3.29.2 +$ helm delete plinking-gopher +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +--- + +## Configuration + +The following table lists the configurable parameters of the Nexus chart and their default values. 
+ +| Parameter | Description | Default | +|--------------------------------------------|----------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| +| `deploymentStrategy` | Deployment Strategy | `Recreate` | +| `nexus.imagePullPolicy` | Nexus Repository image pull policy | `IfNotPresent` | +| `imagePullSecrets` | The names of the kubernetes secrets with credentials to login to a registry | `[]` | +| `nexus.docker.enabled` | Enable/disable Docker support | `false` | +| `nexus.docker.registries` | Support multiple Docker registries | (see below) | +| `nexus.docker.registries[0].host` | Host for the Docker registry | `cluster.local` | +| `nexus.docker.registries[0].port` | Port for the Docker registry | `5000` | +| `nexus.docker.registries[0].secretName` | TLS Secret Name for the ingress | `registrySecret` | +| `nexus.env` | Nexus Repository environment variables | `[{INSTALL4J_ADD_VM_PARAMS: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` | +| `nexus.resources` | Nexus Repository resource requests and limits | `{}` | +| `nexus.nexusPort` | Internal port for Nexus Repository service | `8081` | +| `nexus.securityContext` | Security Context (for enabling official image use `fsGroup: 2000`) | `{}` | +| `nexus.labels` | Service labels | `{}` | +| `nexus.podAnnotations` | Pod Annotations | `{}` | +| `nexus.livenessProbe.initialDelaySeconds` | LivenessProbe initial delay | 30 | +| `nexus.livenessProbe.periodSeconds` | Seconds between polls | 30 | +| `nexus.livenessProbe.failureThreshold` | Number of attempts before failure | 6 | +| `nexus.livenessProbe.timeoutSeconds` | Time in seconds after liveness probe times out | `nil` | +| `nexus.livenessProbe.path` | Path for LivenessProbe | / | +| 
`nexus.readinessProbe.initialDelaySeconds` | ReadinessProbe initial delay | 30 | +| `nexus.readinessProbe.periodSeconds` | Seconds between polls | 30 | +| `nexus.readinessProbe.failureThreshold` | Number of attempts before failure | 6 | +| `nexus.readinessProbe.timeoutSeconds` | Time in seconds after readiness probe times out | `nil` | +| `nexus.readinessProbe.path` | Path for ReadinessProbe | / | +| `nexus.hostAliases` | Aliases for IPs in /etc/hosts | [] | +| `nexus.properties.override` | Set to true to override default nexus.properties | `false` | +| `nexus.properties.data` | A map of custom nexus properties if `override` is set to true | `nexus.scripts.allowCreation: true` | +| `ingress.enabled` | Create an ingress for Nexus Repository | `false` | +| `ingress.annotations` | Annotations to enhance ingress configuration | `{kubernetes.io/ingress.class: nginx}` | +| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` | +| `ingress.path` | Path for ingress rules. GCP users should set to `/*`. 
| `/` | +| `tolerations` | tolerations list | `[]` | +| `config.enabled` | Enable configmap | `false` | +| `config.mountPath` | Path to mount the config | `/sonatype-nexus-conf` | +| `config.data` | Configmap data | `nil` | +| `deployment.annotations` | Annotations to enhance deployment configuration | `{}` | +| `deployment.initContainers` | Init containers to run before main containers | `nil` | +| `deployment.postStart.command` | Command to run after starting the container | `nil` | +| `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s | +| `deployment.additionalContainers` | Add additional Container | `nil` | +| `deployment.additionalVolumes` | Add additional Volumes | `nil` | +| `deployment.additionalVolumeMounts` | Add additional Volume mounts | `nil` | +| `secret.enabled` | Enable secret | `false` | +| `secret.mountPath` | Path to mount the secret | `/etc/secret-volume` | +| `secret.readOnly` | Secret readonly state | `true` | +| `secret.data` | Secret data | `nil` | +| `service.enabled` | Enable additional service | `true` | +| `service.name` | Service name | `nexus3` | +| `service.labels` | Service labels | `nil` | +| `service.annotations` | Service annotations | `nil` | +| `service.type` | Service Type | `ClusterIP` | +| `route.enabled` | Set to true to create route for additional service | `false` | +| `route.name` | Name of route | `docker` | +| `route.portName` | Target port name of service | `docker` | +| `route.labels` | Labels to be added to route | `{}` | +| `route.annotations` | Annotations to be added to route | `{}` | +| `route.path` | Host name of Route e.g. jenkins.example.com | nil | +| `serviceAccount.create` | Set to true to create ServiceAccount | `true` | +| `serviceAccount.annotations` | Set annotations for ServiceAccount | `{}` | +| `serviceAccount.name` | The name of the service account to use. Auto-generate if not set and create is true. 
| `{}` | +| `persistence.enabled` | Set false to eliminate persistent storage | `true` | +| `persistence.existingClaim` | Specify the name of an existing persistent volume claim to use instead of creating a new one | nil | +| `persistence.storageSize` | Size of the storage the chart will request | `8Gi` | + +### Persistence + +By default, a `PersistentVolumeClaim` is created and mounted into the `/nexus-data` directory. In order to disable this functionality, you can change the `values.yaml` to disable persistence, which will use an `emptyDir` instead. + +> *"An emptyDir volume is first created when a Pod is assigned to a Node, and exists as long as that Pod is running on that node. When a Pod is removed from a node for any reason, the data in the emptyDir is deleted forever."* + +## Using the Image from the Red Hat Registry + +To use the [Nexus Repository Manager image available from Red Hat's registry](https://catalog.redhat.com/software/containers/sonatype/nexus-repository-manager/594c281c1fbe9847af657690), +you'll need to: +* Load the credentials for the registry as a secret in your cluster + ```shell + kubectl create secret docker-registry redhat-pull-secret \ + --docker-server=registry.connect.redhat.com \ + --docker-username= \ + --docker-password= \ + --docker-email= + ``` + See Red Hat's [Registry Authentication documentation](https://access.redhat.com/RegistryAuthentication) + for further details. +* Provide the name of the secret in `imagePullSecrets` in this chart's `values.yaml` + ```yaml + imagePullSecrets: + - name: redhat-pull-secret + ``` +* Set `image.name` and `image.tag` in `values.yaml` + ```yaml + image: + repository: registry.connect.redhat.com/sonatype/nexus-repository-server + tag: 3.39.0-ubi-1 + ``` + +--- diff --git a/nexus-repository-manager/templates/NOTES.txt b/nexus-repository-manager/templates/NOTES.txt new file mode 100644 index 0000000..ed3c454 --- /dev/null +++ b/nexus-repository-manager/templates/NOTES.txt 
@@ -0,0 +1,27 @@
+{{- if .Values.ingress.enabled }}
+1. Your ingresses are available here:
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $.Values.ingress.hostRepo }}{{ $.Values.ingress.hostPath }}
+ {{- if $.Values.nexus.docker.enabled }}
+ {{- range $registry := .Values.nexus.docker.registries }}
+ https://{{ $registry.host }}/
+ {{- end }}
+ {{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+1. Get the application URL by running these commands:
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "nexus.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ Your application is available at http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+1. Get the application URL by running these commands:
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "nexus.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "nexus.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ {{- range $index, $port := .Values.service.ports }}
+ Your application is available at http://$SERVICE_IP:{{ $port }}
+ {{- end }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+1. Get the application URL by running these commands:
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "nexus.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8081:80
+ Your application is available at http://127.0.0.1
+{{- end }}
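Review bot: The ClusterIP branch prints a port-forward that will not reach Nexus: `port-forward $POD_NAME 8081:80` maps local port 8081 to pod port 80, while deployment.yaml takes the container port from `.Values.nexus.nexusPort`, and the URL printed next (`http://127.0.0.1`) names neither port. Suggest `kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8081:{{ .Values.nexus.nexusPort }}` followed by `Your application is available at http://127.0.0.1:8081`. The NodePort and LoadBalancer branches print plain `http://` URLs; because the first login carries the admin password, a one-line hint that TLS should be terminated in front of the service would help operators.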
diff --git a/nexus-repository-manager/templates/_helpers.tpl b/nexus-repository-manager/templates/_helpers.tpl
new file mode 100644
index 0000000..e726f1f
--- /dev/null
+++ b/nexus-repository-manager/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "nexus.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "nexus.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "nexus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "nexus.labels" -}}
+helm.sh/chart: {{ include "nexus.chart" . }}
+{{ include "nexus.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "nexus.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "nexus.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "nexus.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "nexus.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/nexus-repository-manager/templates/configmap-properties.yaml b/nexus-repository-manager/templates/configmap-properties.yaml
new file mode 100644
index 0000000..c1a5808
--- /dev/null
+++ b/nexus-repository-manager/templates/configmap-properties.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.nexus.properties.override -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "nexus.name" . }}-properties
+ labels: {{- include "nexus.labels" . | nindent 4 }}
+ {{- if .Values.nexus.extraLabels }}
+ {{- with .Values.nexus.extraLabels }}
+ {{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- end }}
+data:
+ nexus.properties: |
+ {{- range $k, $v := .Values.nexus.properties.data }}
+ {{ $k }}={{ $v }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/nexus-repository-manager/templates/configmap.yaml b/nexus-repository-manager/templates/configmap.yaml
new file mode 100644
index 0000000..55418b1
--- /dev/null
+++ b/nexus-repository-manager/templates/configmap.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.config.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "nexus.name" . }}-conf
+ labels:
+{{ include "nexus.labels" . | indent 4 }}
+ {{- if .Values.nexus.extraLabels }}
+ {{- with .Values.nexus.extraLabels }}
+ {{ toYaml . | indent 4 }}
+ {{- end }}
+ {{- end }}
+data:
+{{ toYaml .Values.config.data | indent 2 }}
+{{- end }}
\ No newline at end of file
diff --git a/nexus-repository-manager/templates/deployment.yaml b/nexus-repository-manager/templates/deployment.yaml
new file mode 100644
index 0000000..d3eea71
--- /dev/null
+++ b/nexus-repository-manager/templates/deployment.yaml
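Review bot: The ConfigMap name is built from `nexus.name` (`{{ template "nexus.name" . }}-properties`), which carries no release name, so two releases of this chart in one namespace would claim the same object, while the Deployment is named from `nexus.fullname`. The same holds for `{{ template "nexus.name" . }}-conf` in configmap.yaml and for the `-secret` and volume references in deployment.yaml. Suggest `name: {{ include "nexus.fullname" . }}-properties` here with the matching change where the ConfigMap is mounted. Separately, the README lists `nexus.scripts.allowCreation: true` as the default `nexus.properties.data`; values.yaml is outside this view, but if that is the shipped default, turning on `override` also enables script creation, which deserves an explicit comment next to the key.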
@@ -0,0 +1,163 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "nexus.fullname" . }} + labels: +{{ include "nexus.labels" . | indent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +{{- if .Values.deployment.annotations }} + annotations: + {{ toYaml .Values.deployment.annotations | nindent 4 }} +{{- end }} +spec: + replicas: 1 + strategy: + type: {{ .Values.deploymentStrategy }} + selector: + matchLabels: + {{- include "nexus.selectorLabels" . | nindent 6 }} + {{- if .Values.nexus.extraSelectorLabels }} + {{- with .Values.nexus.extraSelectorLabels }} + {{ toYaml . | indent 6 }} + {{- end }} + {{- end }} + template: + metadata: + annotations: + checksum/configmap-properties: {{ include (print .Template.BasePath "/configmap-properties.yaml") $ | sha256sum }} + {{- if .Values.nexus.podAnnotations }} + {{ toYaml .Values.nexus.podAnnotations | nindent 8}} + {{- end }} + labels: + {{- include "nexus.selectorLabels" . | nindent 8 }} + spec: + serviceAccountName: {{ include "nexus.serviceAccountName" . }} + {{- if .Values.deployment.initContainers }} + initContainers: + {{ toYaml .Values.deployment.initContainers | nindent 6 }} + {{- end }} + {{- if .Values.nexus.nodeSelector }} + nodeSelector: + {{ toYaml .Values.nexus.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.nexus.hostAliases }} + hostAliases: + {{ toYaml .Values.nexus.hostAliases | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if .Values.deployment.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.deployment.terminationGracePeriodSeconds }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + + lifecycle: + {{- if .Values.deployment.postStart.command }} + postStart: + exec: + command: {{ .Values.deployment.postStart.command }} + {{- end }} + env: + {{ toYaml .Values.nexus.env | nindent 12 }} + envFrom: + {{ toYaml .Values.nexus.envFrom | nindent 12 }} + resources: + {{ toYaml .Values.nexus.resources | nindent 12 }} + ports: + - name: nexus-ui + containerPort: {{ .Values.nexus.nexusPort }} + {{- if .Values.nexus.docker.enabled }} + {{- range .Values.nexus.docker.registries }} + - name: docker-{{ .port }} + containerPort: {{ .port }} + {{- end }} + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.nexus.livenessProbe.path }} + port: {{ .Values.nexus.nexusPort }} + initialDelaySeconds: {{ .Values.nexus.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nexus.livenessProbe.periodSeconds }} + failureThreshold: {{ .Values.nexus.livenessProbe.failureThreshold }} + {{- if .Values.nexus.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ .Values.nexus.livenessProbe.timeoutSeconds }} + {{- end }} + readinessProbe: + httpGet: + path: {{ .Values.nexus.readinessProbe.path }} + port: {{ .Values.nexus.nexusPort }} + initialDelaySeconds: {{ .Values.nexus.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.nexus.readinessProbe.periodSeconds }} + failureThreshold: {{ .Values.nexus.readinessProbe.failureThreshold }} + {{- if .Values.nexus.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ .Values.nexus.readinessProbe.timeoutSeconds }} + {{- end }} + volumeMounts: + - mountPath: /nexus-data + name: {{ template "nexus.name" . 
}}-data + {{- if .Values.config.enabled }} + - mountPath: {{ .Values.config.mountPath }} + name: {{ template "nexus.name" . }}-conf + {{- end }} + {{- if .Values.nexus.properties.override }} + - mountPath: /nexus-data/etc/nexus.properties + name: {{ template "nexus.name" . }}-properties + subPath: nexus.properties + {{- end }} + {{- if .Values.secret.enabled }} + - mountPath: {{ .Values.secret.mountPath }} + name: {{ template "nexus.name" . }}-secret + readOnly: {{ .Values.secret.readOnly }} + {{- end }} + {{- if .Values.deployment.additionalVolumeMounts}} + {{ toYaml .Values.deployment.additionalVolumeMounts | nindent 12 }} + {{- end }} + {{- if .Values.deployment.additionalContainers }} + {{ toYaml .Values.deployment.additionalContainers | nindent 8 }} + {{- end }} + {{- if .Values.nexus.securityContext }} + securityContext: + {{ toYaml .Values.nexus.securityContext | nindent 8 }} + {{- end }} + volumes: + - name: {{ template "nexus.name" . }}-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if .Values.config.enabled }} + - name: {{ template "nexus.name" . }}-conf + configMap: + name: {{ template "nexus.name" . }}-conf + {{- end }} + {{- if .Values.nexus.properties.override }} + - name: {{ template "nexus.name" . }}-properties + configMap: + name: {{ template "nexus.name" . }}-properties + items: + - key: nexus.properties + path: nexus.properties + {{- end }} + {{- if .Values.secret.enabled }} + - name: {{ template "nexus.name" . }}-secret + secret: + secretName: {{ template "nexus.name" . }}-secret + {{- end }} + {{- if .Values.deployment.additionalVolumes }} + {{ toYaml .Values.deployment.additionalVolumes | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} 
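Review bot: The pod spec never sets `automountServiceAccountToken`, and the nexus container has no `securityContext` of its own; the only hook is the optional `.Values.nexus.securityContext`, which appears to be rendered at pod level (indentation is collapsed in this view) and which the README lists as `{}` by default. Nothing in this template shows Nexus calling the Kubernetes API, so I would add `automountServiceAccountToken: false` under the pod spec and a value-overridable container `securityContext` with `allowPrivilegeEscalation: false`. In the `postStart` block, `command: {{ .Values.deployment.postStart.command }}` prints a list in Go's `[a b c]` form rather than as YAML; `command: {{ toJson .Values.deployment.postStart.command }}` renders it correctly. The image is referenced by tag only (`"{{ .Values.image.repository }}:{{ .Values.image.tag }}"`), so an optional digest value would let operators pin what they deploy.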
diff --git a/nexus-repository-manager/templates/ingress.yaml b/nexus-repository-manager/templates/ingress.yaml new file mode 100644 index 0000000..198fdfe --- /dev/null +++ b/nexus-repository-manager/templates/ingress.yaml 
@@ -0,0 +1,85 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "nexus.fullname" . -}} +{{- $svcPort := .Values.nexus.nexusPort -}} +{{- $ingressPath := .Values.ingress.path -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "nexus.labels" . | nindent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + - host: {{ .Values.ingress.hostRepo }} + http: + paths: + - path: {{ .Values.ingress.hostPath }} + pathType: Prefix + backend: + service: + name: {{ $fullName }} + port: + number: 8081 + +{{ if .Values.nexus.docker.enabled }} +{{ range $registry := .Values.nexus.docker.registries }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }} + labels: + {{- include "nexus.labels" $ | nindent 4 }} + {{- if $.Values.nexus.extraLabels }} + {{- with $.Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} + {{- with $.Values.ingress.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} +spec: + {{- if $.Values.ingress.ingressClassName }} + ingressClassName: {{ $.Values.ingress.ingressClassName }} + {{- end }} + tls: + - hosts: + - {{ $registry.host | quote }} + secretName: {{ $registry.secretName }} + rules: + - host: {{ $registry.host }} + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }} + port: + number: {{ $registry.port }} +{{- end }} {{- /* range of nexus.docker.registries */ -}} +{{- end }} {{- /* nexus.docker.enabled */ -}} +{{- end }} {{- /* ingress.enabled */ -}} diff --git a/nexus-repository-manager/templates/proxy-route.yaml b/nexus-repository-manager/templates/proxy-route.yaml new file mode 100644 index 0000000..f66e135 --- /dev/null +++ b/nexus-repository-manager/templates/proxy-route.yaml @@ -0,0 +1,23 @@ +{{- if .Values.nexusProxyRoute.enabled }} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ template "nexus.fullname" . }} + labels: {{ .Values.nexusProxyRoute.labels }} + annotations: + {{- range $key, $value := .Values.nexusProxyRoute.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + host: {{ .Values.nexusProxyRoute.path }} + port: + targetPort: {{ template "nexus.fullname" . }} + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: {{ template "nexus.fullname" . }} + weight: 100 + wildcardPolicy: None +{{- end }} diff --git a/nexus-repository-manager/templates/pv.yaml b/nexus-repository-manager/templates/pv.yaml new file mode 100644 index 0000000..1f17872 --- /dev/null +++ b/nexus-repository-manager/templates/pv.yaml 
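Review bot: The backend port of the main Ingress in ingress.yaml is hard-coded as `number: 8081`, although `$svcPort` is assigned from `.Values.nexus.nexusPort` at the top of the template and never used. service.yaml in this patch publishes the Service on `nexusPort`, so overriding that value leaves the Ingress pointing at a port the Service does not expose; use `number: {{ $svcPort }}`. `$ingressPath` is also unused and reads `.Values.ingress.path`, which values.yaml does not define (the rule itself uses `ingress.hostPath`), so it can be dropped. `host: {{ .Values.ingress.hostRepo }}` and `secretName: {{ .secretName }}` are emitted unquoted, unlike the `hosts` entries; adding `| quote` keeps a wildcard host such as `*.example.com` from being parsed as a YAML alias.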
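Review bot: In proxy-route.yaml, `labels: {{ .Values.nexusProxyRoute.labels }}` prints the value with Go's default formatting, so a non-empty map renders as `map[key:value]` instead of YAML; route.yaml has the same line with `.Values.route.labels`. Render it as the other templates in this patch do, with a `with` block around `labels:` and `{{- toYaml . | nindent 4 }}`. `spec.host` is filled from `nexusProxyRoute.path`, whose commented example in values.yaml is `/nexus`, a path rather than a hostname, so either the key or the field looks misnamed. `targetPort` is set to the chart's full name while the Service in service.yaml names its port `nexus-ui`; that looks like a mismatch and should be confirmed on an OpenShift cluster.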
@@ -0,0 +1,26 @@ +{{- if not .Values.statefulset.enabled }} +{{- if .Values.persistence.pdName -}} +apiVersion: v1 +kind: PersistentVolume +metadata: + name: {{ .Values.persistence.pdName }} + labels: +{{ include "nexus.labels" . | indent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +spec: + capacity: + storage: {{ .Values.persistence.storageSize }} + accessModes: + - ReadWriteOnce + claimRef: + namespace: {{ .Release.Namespace }} + name: {{ template "nexus.fullname" . }}-data + gcePersistentDisk: + pdName: {{ .Values.persistence.pdName }} + fsType: {{ .Values.persistence.fsType }} +{{- end }} +{{- end }} diff --git a/nexus-repository-manager/templates/pvc.yaml b/nexus-repository-manager/templates/pvc.yaml new file mode 100644 index 0000000..32e9b78 --- /dev/null +++ b/nexus-repository-manager/templates/pvc.yaml @@ -0,0 +1,30 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "nexus.fullname" . }}-data + labels: +{{ include "nexus.labels" . | indent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +{{- if .Values.persistence.annotations }} + annotations: +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.storageSize | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/nexus-repository-manager/templates/route.yaml b/nexus-repository-manager/templates/route.yaml new file mode 100644 index 0000000..cf76e5b --- /dev/null 
+++ b/nexus-repository-manager/templates/route.yaml @@ -0,0 +1,27 @@ +{{- if .Values.route.enabled }} +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: {{ .Values.route.name }} + labels: {{ .Values.route.labels }} + annotations: + {{- range $key, $value := .Values.route.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + host: {{ .Values.route.path }} + port: + targetPort: {{ .Values.service.portName }} + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service +{{- if .Values.service.name }} + name: {{ .Values.service.name }} +{{- else }} + name: {{ template "nexus.name" . }}-service +{{- end }} + weight: 100 + wildcardPolicy: None +{{- end }} diff --git a/nexus-repository-manager/templates/secret.yaml b/nexus-repository-manager/templates/secret.yaml new file mode 100644 index 0000000..3dbbcd4 --- /dev/null +++ b/nexus-repository-manager/templates/secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.secret.enabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "nexus.name" . }}-secret + labels: +{{ include "nexus.labels" . | indent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +data: +{{ toYaml .Values.secret.data | indent 2 }} +{{- end}} diff --git a/nexus-repository-manager/templates/service.yaml b/nexus-repository-manager/templates/service.yaml new file mode 100644 index 0000000..ba7acb7 --- /dev/null +++ b/nexus-repository-manager/templates/service.yaml 
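Review bot: With the defaults in values.yaml the Route in route.yaml targets a Service that this chart does not create. `to.name` takes `.Values.service.name` (default `nexus3`) or falls back to `<nexus.name>-service`, while service.yaml names its Services `nexus.fullname` and `<fullname>-docker-<port>`. `targetPort` reads `.Values.service.portName`, which values.yaml does not define; the only `portName` key there is `route.portName`. If the Route is meant to front the chart's own Service, `name: {{ include "nexus.fullname" . }}` and `targetPort: {{ .Values.route.portName }}` would line up with the rest of the patch; otherwise the expected external Service should be documented next to `route:` in values.yaml.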
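Review bot: secret.yaml copies `.Values.secret.data` verbatim under `data:`, so callers must supply values that are already base64-encoded, and nothing in the template or in values.yaml says so. The default `secret.data: []` is a list, which renders `data: []` where a Secret expects a map; `data: {}` is the safer default. Credentials supplied this way also end up in the values file and in the stored Helm release, so it is worth letting users reference a pre-created Secret instead; the part of deployment.yaml visible here always mounts `<nexus.name>-secret`. Suggested comment above `secret.data` in values.yaml: `# map of key: base64-encoded value; for real credentials prefer a Secret created outside the chart`.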
@@ -0,0 +1,66 @@ +{{- if .Values.service.enabled -}} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nexus.fullname" . }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "nexus.labels" . | nindent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.nexus.nexusPort }} + protocol: TCP + name: nexus-ui + selector: + {{- include "nexus.selectorLabels" . | nindent 4 }} + {{- if .Values.nexus.extraSelectorLabels }} + {{- with .Values.nexus.extraSelectorLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} + +{{- if .Values.nexus.docker.enabled }} +{{- range $registry := .Values.nexus.docker.registries }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "nexus.fullname" $ | trunc 49 }}-docker-{{ $registry.port }} +{{- if $.Values.service.annotations }} + annotations: +{{ toYaml $.Values.service.annotations | indent 4 }} +{{- end }} + labels: + {{- include "nexus.labels" $ | nindent 4 }} + {{- if $.Values.nexus.extraLabels }} + {{- with $.Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ $.Values.service.type }} + ports: + - port: {{ $registry.port }} + protocol: TCP + name: docker-{{ $registry.port }} + selector: + {{- include "nexus.selectorLabels" $ | nindent 4 }} + {{- if $.Values.nexus.extraSelectorLabels }} + {{- with $.Values.nexus.extraSelectorLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} +{{- end }} + +{{- end }} +{{- end }} diff --git a/nexus-repository-manager/templates/serviceaccount.yaml b/nexus-repository-manager/templates/serviceaccount.yaml new file mode 100644 index 0000000..5bb8fa5 --- /dev/null +++ b/nexus-repository-manager/templates/serviceaccount.yaml 
@@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "nexus.serviceAccountName" . }} + labels: {{- include "nexus.labels" . | nindent 4 }} + {{- if .Values.nexus.extraLabels }} + {{- with .Values.nexus.extraLabels }} + {{ toYaml . | indent 4 }} + {{- end }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/nexus-repository-manager/templates/test/test-check-logs.yaml b/nexus-repository-manager/templates/test/test-check-logs.yaml new file mode 100644 index 0000000..43637fb --- /dev/null +++ b/nexus-repository-manager/templates/test/test-check-logs.yaml @@ -0,0 +1,25 @@ +# This test checks the logs to confirm the running app version is the same as the chart app version +# This test will run only if the flag persistence.enabled is true on the values.yaml file +{{- if .Values.persistence.enabled }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-test-check-logs" + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed +spec: + containers: + - name: {{ .Release.Name }}-test-check-logs + image: busybox + command: ["/bin/sh"] + args: ["-c", "cat /nexus-data/log/nexus.log | grep {{ .Chart.AppVersion }} || exit 1"] + volumeMounts: + - mountPath: /nexus-data + name: {{ template "nexus.name" . }}-data + volumes: + - name: {{ template "nexus.name" . }}-data + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (printf "%s-%s" (include "nexus.fullname" .) "data") }} + restartPolicy: Never +{{- end }} diff --git a/nexus-repository-manager/templates/test/test-connection.yaml b/nexus-repository-manager/templates/test/test-connection.yaml new file mode 100644 index 0000000..55f1036 --- /dev/null +++ b/nexus-repository-manager/templates/test/test-connection.yaml 
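Review bot: The ServiceAccount in serviceaccount.yaml is created without `automountServiceAccountToken`, so any pod that uses it gets a Kubernetes API token mounted by default. Nothing visible in this patch shows Nexus calling the cluster API; the pod spec in deployment.yaml starts outside this view, so check whether it already disables the mount. If the token is not needed, add `automountServiceAccountToken: false` under the top level of this manifest, optionally driven by a `serviceAccount` value so users who attach cloud-identity annotations can turn it back on.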
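Review bot: The helm test pod in test-check-logs.yaml uses `image: busybox` with no tag or digest, and test-connection.yaml does the same, so every `helm test` run pulls whatever the default registry currently serves as latest. Pin a version (ideally by digest) and expose the image as a value so clusters with a private registry can override it. This pod also mounts the Nexus data volume read-write although it only reads `nexus.log`; add `readOnly: true` to the `volumeMounts` entry. `grep {{ .Chart.AppVersion }}` treats the dots in the version as regex wildcards, and `grep -F "{{ .Chart.AppVersion }}"` makes the match literal.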
@@ -0,0 +1,15 @@ +# This test checks that the server is up and running by making a wget +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-test-connection" + annotations: + "helm.sh/hook": test + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed +spec: + containers: + - name: {{ .Release.Name }}-test-connection + image: busybox + command: ['wget'] + args: ['{{ include "nexus.fullname" . }}:{{ .Values.nexus.nexusPort }}'] + restartPolicy: Never diff --git a/nexus-repository-manager/tests/deployment_test.yaml b/nexus-repository-manager/tests/deployment_test.yaml new file mode 100644 index 0000000..25d6396 --- /dev/null +++ b/nexus-repository-manager/tests/deployment_test.yaml 
@@ -0,0 +1,113 @@ +suite: deployment +templates: + - deployment.yaml + - configmap-properties.yaml +tests: + - it: renders with defaults + template: deployment.yaml + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Deployment + - equal: + path: apiVersion + value: apps/v1 + - equal: + path: metadata.name + value: RELEASE-NAME-nexus-repository-manager + - matchRegex: + path: metadata.labels.[app.kubernetes.io/name] + pattern: nexus-repository-manager + - matchRegex: + path: metadata.labels.[app.kubernetes.io/version] + pattern: 3\.\d+\.\d+ + - matchRegex: + path: spec.template.metadata.annotations.[checksum/configmap-properties] + pattern: .+ + - equal: + path: spec.replicas + value: 1 + - equal: + path: spec.strategy.type + value: Recreate + - matchRegex: + path: spec.template.spec.containers[0].image + pattern: sonatype/nexus3:3\.\d+\.\d+ + - equal: + path: spec.template.spec.containers[0].securityContext + value: null + - equal: + path: spec.template.spec.containers[0].imagePullPolicy + value: IfNotPresent + - equal: + path: spec.template.spec.containers[0].env + value: + - name: INSTALL4J_ADD_VM_PARAMS + value: |- + -Xms2703M -Xmx2703M + -XX:MaxDirectMemorySize=2703M + -XX:+UnlockExperimentalVMOptions + -XX:+UseCGroupMemoryLimitForHeap + -Djava.util.prefs.userRoot=/nexus-data/javaprefs + - name: NEXUS_SECURITY_RANDOMPASSWORD + value: "true" + - equal: + path: spec.template.spec.containers[0].ports + value: + - containerPort: 8081 + name: nexus-ui + - equal: + path: spec.template.spec.containers[0].livenessProbe + value: + failureThreshold: 6 + httpGet: + path: / + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + - equal: + path: spec.template.spec.containers[0].readinessProbe + value: + failureThreshold: 6 + httpGet: + path: / + port: 8081 + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + - equal: + path: spec.template.spec.containers[0].volumeMounts + value: + - mountPath: /nexus-data + name: 
nexus-repository-manager-data + - equal: + path: spec.template.spec.volumes + value: + - name: nexus-repository-manager-data + persistentVolumeClaim: + claimName: RELEASE-NAME-nexus-repository-manager-data + - equal: + path: spec.template.spec.securityContext + value: + fsGroup: 200 + runAsGroup: 200 + runAsUser: 200 + + - it: should use our simple values + template: deployment.yaml + set: + deploymentStrategy: my-strategy + imagePullSecrets: + - name: top-secret + asserts: + - hasDocuments: + count: 1 + - equal: + path: spec.strategy.type + value: my-strategy + - equal: + path: spec.template.spec.imagePullSecrets + value: + - name: top-secret diff --git a/nexus-repository-manager/tests/ingress_test.yaml b/nexus-repository-manager/tests/ingress_test.yaml new file mode 100644 index 0000000..3d8c057 --- /dev/null +++ b/nexus-repository-manager/tests/ingress_test.yaml 
@@ -0,0 +1,242 @@ +--- +suite: ingress +templates: + - ingress.yaml +tests: + - it: renders with defaults + set: + ingress: + enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: Ingress + - equal: + path: apiVersion + value: networking.k8s.io/v1 + - equal: + path: metadata.labels.[app.kubernetes.io/instance] + value: RELEASE-NAME + - equal: + path: metadata.labels.[app.kubernetes.io/managed-by] + value: Helm + - matchRegex: + path: metadata.labels.[app.kubernetes.io/version] + pattern: \d+\.\d+\.\d+ + - matchRegex: + path: metadata.labels.[helm.sh/chart] + pattern: nexus-repository-manager-\d+\.\d+\.\d+ + - equal: + path: metadata.labels.[app.kubernetes.io/name] + value: nexus-repository-manager + - equal: + path: metadata.annotations + value: + nginx.ingress.kubernetes.io/proxy-body-size: "0" + + - documentIndex: 0 + equal: + path: metadata.name + value: RELEASE-NAME-nexus-repository-manager + - documentIndex: 0 + equal: + path: spec + value: + ingressClassName: nginx + rules: + - host: repo.demo + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: RELEASE-NAME-nexus-repository-manager + port: + number: 8081 + - it: renders a second docker ingress + set: + ingress: + enabled: true + nexus: + docker: + enabled: true + registries: + - host: docker.repo.demo + port: 5000 + secretName: registry-secret + asserts: + - hasDocuments: + count: 2 + - isKind: + of: Ingress + - equal: + path: apiVersion + value: networking.k8s.io/v1 + - equal: + path: metadata.labels.[app.kubernetes.io/instance] + value: RELEASE-NAME + - equal: + path: metadata.labels.[app.kubernetes.io/managed-by] + value: Helm + - matchRegex: + path: metadata.labels.[app.kubernetes.io/version] + pattern: \d+\.\d+\.\d+ + - matchRegex: + path: metadata.labels.[helm.sh/chart] + pattern: nexus-repository-manager-\d+\.\d+\.\d+ + - equal: + path: metadata.labels.[app.kubernetes.io/name] + value: nexus-repository-manager + - equal: + path: metadata.annotations + value: 
+ nginx.ingress.kubernetes.io/proxy-body-size: "0" + + - documentIndex: 0 + equal: + path: metadata.name + value: RELEASE-NAME-nexus-repository-manager + - documentIndex: 0 + equal: + path: spec + value: + ingressClassName: nginx + rules: + - host: repo.demo + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: RELEASE-NAME-nexus-repository-manager + port: + number: 8081 + - documentIndex: 1 + equal: + path: metadata.name + value: RELEASE-NAME-nexus-repository-manager-docker-5000 + - documentIndex: 1 + equal: + path: spec + value: + ingressClassName: nginx + rules: + - host: docker.repo.demo + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: RELEASE-NAME-nexus-repository-manager-docker-5000 + port: + number: 5000 + tls: + - hosts: + - docker.repo.demo + secretName: registry-secret + - it: we can exclude ingressClassName for repo ingress and docker ingress + set: + ingress: + enabled: true + ingressClassName: {} + nexus: + docker: + enabled: true + registries: + - host: docker.repo.demo + port: 5000 + secretName: registry-secret + asserts: + - hasDocuments: + count: 2 + - isKind: + of: Ingress + - equal: + path: apiVersion + value: networking.k8s.io/v1 + - equal: + path: metadata.labels.[app.kubernetes.io/instance] + value: RELEASE-NAME + - equal: + path: metadata.labels.[app.kubernetes.io/managed-by] + value: Helm + - matchRegex: + path: metadata.labels.[app.kubernetes.io/version] + pattern: \d+\.\d+\.\d+ + - matchRegex: + path: metadata.labels.[helm.sh/chart] + pattern: nexus-repository-manager-\d+\.\d+\.\d+ + - equal: + path: metadata.labels.[app.kubernetes.io/name] + value: nexus-repository-manager + - equal: + path: metadata.annotations + value: + nginx.ingress.kubernetes.io/proxy-body-size: "0" + + - documentIndex: 0 + equal: + path: metadata.name + value: RELEASE-NAME-nexus-repository-manager + - documentIndex: 0 + equal: + path: spec + value: + rules: + - host: repo.demo + http: + paths: + - path: / + 
pathType: Prefix + backend: + service: + name: RELEASE-NAME-nexus-repository-manager + port: + number: 8081 + - documentIndex: 1 + equal: + path: metadata.name + value: RELEASE-NAME-nexus-repository-manager-docker-5000 + - documentIndex: 1 + equal: + path: spec + value: + rules: + - host: docker.repo.demo + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: RELEASE-NAME-nexus-repository-manager-docker-5000 + port: + number: 5000 + tls: + - hosts: + - docker.repo.demo + secretName: registry-secret + - it: is disabled by default + asserts: + - hasDocuments: + count: 0 + + - it: renders with tls config when provided + set: + ingress: + enabled: true + tls: + - secretName: nexus-tls-local + hosts: + - repo.host + asserts: + - equal: + path: spec.tls + value: + - secretName: nexus-tls-local + hosts: + - repo.host diff --git a/nexus-repository-manager/values.yaml b/nexus-repository-manager/values.yaml new file mode 100644 index 0000000..5e9dbde --- /dev/null +++ b/nexus-repository-manager/values.yaml 
@@ -0,0 +1,184 @@ +--- +statefulset: + # This is not supported + enabled: false +deploymentStrategy: Recreate +image: + # Sonatype Official Public Image + repository: sonatype/nexus3 + tag: 3.41.1 + pullPolicy: IfNotPresent +imagePullSecrets: +# for image registries that require login, specify the name of the existing +# kubernetes secret +# - name: + +nexus: + docker: + enabled: false + # registries: + # - host: chart.local + # port: 5000 + # secretName: registry-secret + env: + # minimum recommended memory settings for a small, person instance from + # https://help.sonatype.com/repomanager3/product-information/system-requirements + - name: INSTALL4J_ADD_VM_PARAMS + value: |- + -Xms2703M -Xmx2703M + -XX:MaxDirectMemorySize=2703M + -XX:+UnlockExperimentalVMOptions + -XX:+UseCGroupMemoryLimitForHeap + -Djava.util.prefs.userRoot=/nexus-data/javaprefs + - name: NEXUS_SECURITY_RANDOMPASSWORD + value: "true" + properties: + override: false + data: + nexus.scripts.allowCreation: true + # See this article for ldap configuratioon options https://support.sonatype.com/hc/en-us/articles/216597138-Setting-Advanced-LDAP-Connection-Properties-in-Nexus-Repository-Manager + # nexus.ldap.env.java.naming.security.authentication: simple + # nodeSelector: + # cloud.google.com/gke-nodepool: default-pool + resources: + # minimum recommended memory settings for a small, person instance from + # https://help.sonatype.com/repomanager3/product-information/system-requirements + # requests: + # cpu: 4 + # memory: 8Gi + # limits: + # cpu: 4 + # memory: 8Gi + + # The ports should only be changed if the nexus image uses a different port + nexusPort: 8081 + + # Default the pods UID and GID to match the nexus3 container. + # Customize or remove these values from the securityContext as appropriate for + # your deployment environment. 
+ securityContext: + runAsUser: 200 + runAsGroup: 200 + fsGroup: 200 + podAnnotations: {} + livenessProbe: + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 6 + timeoutSeconds: 10 + path: / + readinessProbe: + initialDelaySeconds: 30 + periodSeconds: 30 + failureThreshold: 6 + timeoutSeconds: 10 + path: / + # hostAliases allows the modification of the hosts file inside a container + hostAliases: [] + # - ip: "192.168.1.10" + # hostnames: + # - "example.com" + # - "www.example.com" + +nameOverride: "" +fullnameOverride: "" + +deployment: + # # Add annotations in deployment to enhance deployment configurations + annotations: {} + # # Add init containers. e.g. to be used to give specific permissions for nexus-data. + # # Add your own init container or uncomment and modify the given example. + initContainers: + # - name: fmp-volume-permission + # image: busybox + # imagePullPolicy: IfNotPresent + # command: ['chown','-R', '200', '/nexus-data'] + # volumeMounts: + # - name: nexus-data + # mountPath: /nexus-data + # Uncomment and modify this to run a command after starting the nexus container. 
+ postStart: + command: # '["/bin/sh", "-c", "ls"]' + preStart: + command: # '["/bin/rm", "-f", "/path/to/lockfile"]' + terminationGracePeriodSeconds: 120 + additionalContainers: + additionalVolumes: + additionalVolumeMounts: + +ingress: + enabled: false + ingressClassName: nginx + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "0" + hostPath: / + hostRepo: repo.demo + # tls: + # - secretName: nexus-local-tls + # hosts: + # - repo.demo + + +service: + name: nexus3 + enabled: true + labels: {} + annotations: {} + type: ClusterIP + + +route: + enabled: false + name: docker + portName: docker + labels: + annotations: + # path: /docker + +nexusProxyRoute: + enabled: false + labels: + annotations: + # path: /nexus + +persistence: + enabled: true + accessMode: ReadWriteOnce + ## If defined, storageClass: + ## If set to "-", storageClass: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClass spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # existingClaim: + # annotations: + # "helm.sh/resource-policy": keep + # storageClass: "-" + storageSize: 8Gi + # If PersistentDisk already exists you can create a PV for it by including the 2 following keypairs. + # pdName: nexus-data-disk + # fsType: ext4 + +tolerations: [] + +# Enable configmap and add data in configmap +config: + enabled: false + mountPath: /sonatype-nexus-conf + data: [] + +# # To use an additional secret, set enable to true and add data +secret: + enabled: false + mountPath: /etc/secret-volume + readOnly: true + data: [] + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: ""
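Review bot: values.yaml ships `nexus.scripts.allowCreation: true` under `nexus.properties.data`, so a user who sets `properties.override: true` to change an unrelated property also re-enables creation of scripts through the REST API, which Nexus Repository leaves disabled by default. Keep the key out of the defaults and show it commented instead, e.g. `# nexus.scripts.allowCreation: true  # re-enables script creation over REST; enable only when required`, with `data: {}` as the default. Note too that `secret.data: []` and `config.data: []` default to lists where secret.yaml (and presumably the ConfigMap template, not visible here) expect maps.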