From 2ca367d326c5a2c1498da6cadb3400de00dbc118 Mon Sep 17 00:00:00 2001 From: Steve Hipwell Date: Thu, 4 Jan 2024 14:35:34 +0000 Subject: [PATCH] feat(nexus3): Updated pro functionality (#854) Signed-off-by: Steve Hipwell --- charts/nexus3/CHANGELOG.md | 7 +- charts/nexus3/Chart.yaml | 14 +- charts/nexus3/README.md | 235 +++++++++--------- .../templates/configmap-properties.yaml | 19 +- charts/nexus3/templates/deployment.yaml | 19 +- charts/nexus3/templates/statefulset.yaml | 12 +- charts/nexus3/values.yaml | 4 +- 7 files changed, 170 insertions(+), 140 deletions(-) diff --git a/charts/nexus3/CHANGELOG.md b/charts/nexus3/CHANGELOG.md index e2dbe07f..1473d371 100644 --- a/charts/nexus3/CHANGELOG.md +++ b/charts/nexus3/CHANGELOG.md @@ -20,10 +20,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [UNRELEASED] +## [v4.38.0] - 2024-01-04 + ### Added -- Added `highAvailability.enabled` & `highAvailability.replicas` values to enable configuring high availability when running _Nexus3_ as a `StatefulSet`. -- Added `license.enabled`, `license.secret` & `license.key` to configure the licence. +- Added `license.enabled`, `license.secret` & `license.key` to configure the _Nexus3_ pro licence. +- Added `highAvailability.enabled` & `highAvailability.replicas` values to enable configuring [high availability](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/high-availability-deployment-options/option-1---manual-high-availability-deployment) when running _Nexus3_ as a `StatefulSet` with a pro licence. +- Added `storeProperties` value to configure a _PostgreSQl_ data store for _Nexus3_ with a pro licence. ## [v4.37.0] - 2023-12-06 diff --git a/charts/nexus3/Chart.yaml b/charts/nexus3/Chart.yaml index b23a8112..44e9c928 100644 --- a/charts/nexus3/Chart.yaml +++ b/charts/nexus3/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v2 name: nexus3 description: Helm chart for Sonatype Nexus 3 OSS. type: application -version: 4.37.0 +version: 4.38.0 appVersion: 3.63.0 home: https://www.sonatype.com/nexus-repository-oss icon: https://help.sonatype.com/docs/files/331022/34537964/3/1564671303641/NexusRepo_Icon.png @@ -23,9 +23,9 @@ maintainers: annotations: artifacthub.io/alternativeName: nexus artifacthub.io/changes: | - - kind: changed - description: "Updated the _Nexus3_ OCI image to [v3.63.0](https://github.com/sonatype/nexus-public/releases/tag/release-3.63.0-01)." - - kind: changed - description: "Support embedding of env vars for JVM by permitting `INSTALL4J_ADD_VM_PARAMS` to be defined after all other env vars." - - kind: changed - description: "Lifecycle script `configure.sh` prefixes log errors with `ERROR:` and echos the same string to `$TERMINATION_LOG`." + - kind: added + description: "Added `license.enabled`, `license.secret` & `license.key` to configure the _Nexus3_ pro licence." + - kind: added + description: "Added `highAvailability.enabled` & `highAvailability.replicas` values to enable configuring [high availability](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/high-availability-deployment-options/option-1---manual-high-availability-deployment) when running _Nexus3_ as a `StatefulSet` with a pro licence." + - kind: added + description: "Added `storeProperties` value to configure a _PostgreSQl_ data store for _Nexus3_ with a pro licence." diff --git a/charts/nexus3/README.md b/charts/nexus3/README.md index fa8104ab..f1a67fc9 100644 --- a/charts/nexus3/README.md +++ b/charts/nexus3/README.md 
@@ -20,120 +20,121 @@ helm upgrade --install --namespace default --values ./my-values.yaml my-release The following table lists the configurable parameters of the _Nexus 3_ chart and their default values. -| Parameter | Description | Default | -|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------| -| `image.repository` | Image repository. | `sonatype/nexus3` | -| `image.tag` | Image tag. | `.Chart.AppVersion` | -| `image.pullPolicy` | Image pull policy. | `IfNotPresent` | -| `image.pullSecrets` | **DEPRECATED** Image pull secrets, use `imagePullSecrets` instead. | `[]` | -| `imagePullSecrets` | Image pull secrets, will override `image.pullSecrets`. | `[]` | -| `nameOverride` | Override the name of the chart. | | -| `fullnameOverride` | Override the full name of the chart. | | -| `commonLabels` | Labels to add to all chart resources. | `{}` | -| `serviceAccount.create` | If `true`, create a new service account. | `true` | -| `serviceAccount.labels` | Labels to add to the service account. | `{}` | -| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | -| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | | -| `serviceAccount.automountToken` | If `true`, mount the ServiceAccount token. | `false` | -| `deployment` | If `true`, run as a `Deployment`, otherwise run as a `StatefulSet`. | `true` | -| `highAvailability.enabled` | Enable high availability. It only works with `StatefulSet`, so this is not used unless `deployment` is `false`. Check HA requirements in Sonatype documentation before enabling! | `false` | -| `highAvailability.replicas` | Replicas for StatefulSet. 
Not used unless `highAvailability.enabled` is `true` and `deployment` is `false`. | `1` | -| `podLabels` | Labels to add to the pod. | `{}` | -| `podAnnotations` | Annotations to add to the pod. | `{}` | -| `podSecurityContext` | Security context for the pod. | `{ fsGroup: 200 }` | -| `securityContext` | Security context for the _nexus3_ container. | `{}` | -| `priorityClassName` | Priority class name to use. | `""` | -| `livenessProbe` | The liveness probe. | See _values.yaml_ | -| `readinessProbe` | The readiness probe. | See _values.yaml_ | -| `service.type` | Service type. | `ClusterIP` | -| `service.clusterIP` | Service cluster IP. | | -| `service.annotations` | Annotations to add to the service. | `{}` | -| `service.port` | Service port. | `8881` | -| `service.additionalPorts` | Additional ports exposed by the service and used by repository connectors. | | -| `metrics.enabled` | If `true`, metrics will be enabled (with anonymous access configured). | `false` | -| `metrics.serviceMonitor.enabled` | If `true`, create a _Prometheus_ service monitor. | `false` | -| `metrics.serviceMonitor.additionalLabels` | Additional labels to be set on the service monitor. | `{}` | -| `metrics.serviceMonitor.endpointConfig` | Additional endpoint configuration for the ServiceMonitor. | `{}` | -| `metrics.serviceMonitor.interval` | **DEPRECATED** _Prometheus_ scrape frequency, use `metrics.serviceMonitor.endpointConfig.interval` instead. | `""` | -| `ingress.enabled` | If `true`, create an ingress object. | `false` | -| `ingress.annotations` | Ingress annotations. | `{}` | -| `ingress.ingressClassName` | Ingress class to use. | `""` | -| `ingress.hosts` | Ingress hosts. | `[]` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `persistence.enabled` | If `true`, create a PVC. | `false` | -| `persistence.annotations` | Annotations to add to the PVC. | `{}` | -| `persistence.existingClaim` | Use an existing PVC to persist data. 
| | -| `persistence.accessMode` | Persistence access mode. | `ReadWriteOnce` | -| `persistence.storageClass` | PVC storage class (use `-` for default). | `standard` | -| `persistence.size` | Size of PVC to create. | `8Gi` | -| `extraVolumeMounts` | Additional volume mounts for the _nexus3_ container. | `[]` | -| `resources` | Resource requests and limits for the _nexus3_ container. | `{}` | -| `chownDataDir` | If the `chown` init container should be used. | `true` | -| `extraInitContainers` | Additional init containers for the pod. | `[]` | -| `extraVolumes` | Additional volumes. | `[]` | -| `terminationGracePeriodSeconds` | Termination grace period in seconds. | `30` | -| `nodeSelector` | Node labels for pod assignment. | `{}` | -| `affinity` | Affinity settings for pod assignment. If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | `{}` | -| `topologySpreadConstraints` | Topology spread constraints for pod assignment. If an explicit label selector is not provided one will be created from the pod selector labels. | `[]` | -| `tolerations` | Tolerations for pod assignment. | `[]` | -| `caCerts.enabled` | If `true`, add provided CA certificates to the JVM cacerts key store. | `false` | -| `caCerts.secret` | Secret containing the additional CA certificates. | | -| `license.enabled` | If `true`, configure provided license on the pods. | `false` | -| `license.secret` | Secret containing the license. | | -| `license.key` | Key on the secret set in `license.secret`. | `nexus.license` | -| `envVars.jvmMinHeapSize` | JVM min heap size (should match `jvmMaxHeapSize`). | `1024m` | -| `envVars.jvmMaxHeapSize` | JVM max heap size (should match `jvmMinHeapSize`). | `1024m` | -| `envVars.jvmAdditionalMemoryOptions` | Additional JVM memory options. | `-XX:MaxDirectMemorySize=2048m` | -| `envVars.jvmAdditionalOptions` | Additional JVM options. 
| `""` | -| `env` | Environment variables for the _nexus3_ container. | | -| `logback.maxHistory` | Logback retention period in days. | `30` | -| `properties` | Additional _Nexus_ properties. | `[nexus.scripts.allowCreation=true]` | -| `rootPassword.secret` | Secret to set the root password with. | | -| `rootPassword.key` | Key on the secret set in `config.rootPassword.secret`. | `password` | -| `config.enabled` | If `true`, automatically configure _Nexus_. This requires the `rootPassword` values to be set. | `false` | -| `config.rootPassword.secret` | **DEPRECATED** - Use `rootPassword.secret` instead; this has priority. | | -| `config.rootPassword.key` | **DEPRECATED** - Use `rootPassword.key` instead; this has priority. | | -| `config.anonymous.enabled` | If `true`, allow anonymous access. | `false` | -| `config.realms.enabled` | If `true`, realms should be configured. | `false` | -| `config.realms.values` | Realm ids to enable, in priority order (see `values.yaml` for available realms). | `[]` | -| `config.roles` | Roles to be configured (see `values.yaml` for structure). | `[]` | -| `config.users` | Users to be configured (see `values.yaml` for structure). | `[]` | -| `config.ldap.enabled` | If `true`, configure LDAP. | `false` | -| `config.ldap.name` | Unique name for the LDAP configuration. | | -| `config.ldap.protocol` | LDAP protocol, either `ldaps` or `ldap`. | `ldaps` | -| `config.ldap.useTrustStore` | Use _Nexus_ trust store for certificate validation. | `true` | -| `config.ldap.connectionTimeoutSeconds` | LDAP connection timeout. | `30` | -| `config.ldap.connectionRetryDelaySeconds` | LDAP connection retry delay. | `300` | -| `config.ldap.maxIncidentsCount` | LDAP connection max incidents. | `3` | -| `config.ldap.host` | LDAP host. | | -| `config.ldap.port` | LDAP port. | `636` | -| `config.ldap.authScheme` | LDAP authentication schema. 
| `simple` | -| `config.ldap.authUsername` | Username or DN (Distinguished Name) of an LDAP user, used to connect to the LDAP server. | | -| `config.ldap.authPassword.secret` | Secret containing the password to connect to the LDAP server. | | -| `config.ldap.authPassword.key` | The key on the secret containing the password to connect to the LDAP server. | | -| `config.ldap.authRealm` | LDAP authentication realm. | | -| `config.ldap.searchBase` | LDAP search base. | | -| `config.ldap.userBaseDn` | LDAP user base, relative to the search base. | | -| `config.ldap.userSubtree` | If `true`, LDAP users in trees below the user base are valid. | `false` | -| `config.ldap.userObjectClass` | LDAP object class for users. | `user` | -| `config.ldap.userLdapFilter` | LDAP user filter. | | -| `config.ldap.userIdAttribute` | LDAP user id attribute. | `sAMAccountName` | -| `config.ldap.userRealNameAttribute` | LDAP user real name attribute. | `cn` | -| `config.ldap.userEmailAddressAttribute` | LDAP user email address attribute. | `email` | -| `config.ldap.userPasswordAttribute` | LDAP user password attribute. | | -| `config.ldap.ldapGroupsAsRoles` | If `true`, LDAP user groups will be treated as a _Nexus_ role. | `false` | -| `config.ldap.groupType` | LDAP group type, either `dynamic` or `static`. | `dynamic` | -| `config.ldap.userMemberOfAttribute` | LDAP user member of attribute, required if `groupType` is `dynamic`. | `memberOf` | -| `config.ldap.groupBaseDn` | LDAP group base, required if `groupType` is `static`. | | -| `config.ldap.groupSubtree` | If `true`, LDAP groups in trees below the group base are valid (only used if `groupType` is `static`). | `false` | -| `config.ldap.groupObjectClass` | LDAP group object class, required if `groupType` is `static`. | | -| `config.ldap.groupIdAttribute` | LDAP group id attribute, required if `groupType` is `static`. | | -| `config.ldap.groupMemberAttribute` | LDAP group member attribute, required if `groupType` is `static`. 
| | -| `config.ldap.groupMemberFormat` | LDAP group member format, required if `groupType` is `static`. | | -| `config.blobStores` | Blob stores to be configured (see `values.yaml` for structure). | `[]` | -| `config.cleanup` | Cleanup policies to be configured (see `values.yaml` for structure). | `[]` | -| `config.repoCredentials.enabled` | If `true`, use the given secret to provide repo credentials. | `false` | -| `config.repoCredentials.secret` | Secret containing repo credentials, where the key should be the repo name and the value the password. | `[]` | -| `config.repos` | Repos to be configured (see `values.yaml` for structure). | `[]` | -| `config.tasks` | Tasks to be configured (see `values.yaml` for structure). | `[]` | -| `testResources` | If `true`, create resources required for testing and enable the resources to be used by the test hook. | `false` | +| Parameter | Description | Default | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | +| `image.repository` | Image repository. | `sonatype/nexus3` | +| `image.tag` | Image tag. | `.Chart.AppVersion` | +| `image.pullPolicy` | Image pull policy. | `IfNotPresent` | +| `image.pullSecrets` | **DEPRECATED** Image pull secrets, use `imagePullSecrets` instead. | `[]` | +| `imagePullSecrets` | Image pull secrets, will override `image.pullSecrets`. | `[]` | +| `nameOverride` | Override the name of the chart. | | +| `fullnameOverride` | Override the full name of the chart. 
| | +| `commonLabels` | Labels to add to all chart resources. | `{}` | +| `serviceAccount.create` | If `true`, create a new service account. | `true` | +| `serviceAccount.labels` | Labels to add to the service account. | `{}` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | +| `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the full name template. | | +| `serviceAccount.automountToken` | If `true`, mount the ServiceAccount token. | `false` | +| `deployment` | If `true`, run as a `Deployment`, otherwise run as a `StatefulSet`. | `true` | +| `highAvailability.enabled` | If `true`, enable [high availability](https://help.sonatype.com/repomanager3/planning-your-implementation/resiliency-and-high-availability/high-availability-deployment-options/option-1---manual-high-availability-deployment). This requires the upgrade documentation be followed and only works with `StatefulSet` that has a pro licence, so to use this `deployment` should be set to `false` and the `StatefulSet` will need to be scaled to `0` before upgrading. | `false` | +| `highAvailability.replicas` | Number of replicas for the `StatefulSet` if `highAvailability.enabled` is `true`. | `3` | +| `podLabels` | Labels to add to the pod. | `{}` | +| `podAnnotations` | Annotations to add to the pod. | `{}` | +| `podSecurityContext` | Security context for the pod. | `{ fsGroup: 200 }` | +| `securityContext` | Security context for the _nexus3_ container. | `{}` | +| `priorityClassName` | Priority class name to use. | `""` | +| `livenessProbe` | The liveness probe. | See _values.yaml_ | +| `readinessProbe` | The readiness probe. | See _values.yaml_ | +| `service.type` | Service type. | `ClusterIP` | +| `service.clusterIP` | Service cluster IP. | | +| `service.annotations` | Annotations to add to the service. | `{}` | +| `service.port` | Service port. 
| `8881` | +| `service.additionalPorts` | Additional ports exposed by the service and used by repository connectors. | | +| `metrics.enabled` | If `true`, metrics will be enabled (with anonymous access configured). | `false` | +| `metrics.serviceMonitor.enabled` | If `true`, create a _Prometheus_ service monitor. | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels to be set on the service monitor. | `{}` | +| `metrics.serviceMonitor.endpointConfig` | Additional endpoint configuration for the ServiceMonitor. | `{}` | +| `metrics.serviceMonitor.interval` | **DEPRECATED** _Prometheus_ scrape frequency, use `metrics.serviceMonitor.endpointConfig.interval` instead. | `""` | +| `ingress.enabled` | If `true`, create an ingress object. | `false` | +| `ingress.annotations` | Ingress annotations. | `{}` | +| `ingress.ingressClassName` | Ingress class to use. | `""` | +| `ingress.hosts` | Ingress hosts. | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `persistence.enabled` | If `true`, create a PVC. | `false` | +| `persistence.annotations` | Annotations to add to the PVC. | `{}` | +| `persistence.existingClaim` | Use an existing PVC to persist data. | | +| `persistence.accessMode` | Persistence access mode. | `ReadWriteOnce` | +| `persistence.storageClass` | PVC storage class (use `-` for default). | `standard` | +| `persistence.size` | Size of PVC to create. | `8Gi` | +| `extraVolumeMounts` | Additional volume mounts for the _nexus3_ container. | `[]` | +| `resources` | Resource requests and limits for the _nexus3_ container. | `{}` | +| `chownDataDir` | If the `chown` init container should be used. | `true` | +| `extraInitContainers` | Additional init containers for the pod. | `[]` | +| `extraVolumes` | Additional volumes. | `[]` | +| `terminationGracePeriodSeconds` | Termination grace period in seconds. | `30` | +| `nodeSelector` | Node labels for pod assignment. | `{}` | +| `affinity` | Affinity settings for pod assignment. 
If an explicit label selector is not provided for pod affinity or pod anti-affinity one will be created from the pod selector labels. | `{}` | +| `topologySpreadConstraints` | Topology spread constraints for pod assignment. If an explicit label selector is not provided one will be created from the pod selector labels. | `[]` | +| `tolerations` | Tolerations for pod assignment. | `[]` | +| `caCerts.enabled` | If `true`, add provided CA certificates to the JVM cacerts key store. | `false` | +| `caCerts.secret` | Secret containing the additional CA certificates. | | +| `license.enabled` | If `true`, configure provided license. | `false` | +| `license.secret` | Secret containing the license. | | +| `license.key` | Key containing the license on the secret set in `license.secret`. | `nexus.license` | +| `envVars.jvmMinHeapSize` | JVM min heap size (should match `jvmMaxHeapSize`). | `1024m` | +| `envVars.jvmMaxHeapSize` | JVM max heap size (should match `jvmMinHeapSize`). | `1024m` | +| `envVars.jvmAdditionalMemoryOptions` | Additional JVM memory options. | `-XX:MaxDirectMemorySize=2048m` | +| `envVars.jvmAdditionalOptions` | Additional JVM options. | `""` | +| `env` | Environment variables for the _nexus3_ container. | | +| `logback.maxHistory` | Logback retention period in days. | `30` | +| `properties` | Additional _Nexus_ properties. | `["nexus.scripts.allowCreation=true"]` | +| `storeProperties` | Additional _Nexus_ store properties. | [] | +| `rootPassword.secret` | Secret to set the root password with. | | +| `rootPassword.key` | Key on the secret set in `config.rootPassword.secret`. | `password` | +| `config.enabled` | If `true`, automatically configure _Nexus_. This requires the `rootPassword` values to be set. | `false` | +| `config.rootPassword.secret` | **DEPRECATED** - Use `rootPassword.secret` instead; this has priority. | | +| `config.rootPassword.key` | **DEPRECATED** - Use `rootPassword.key` instead; this has priority. 
| | +| `config.anonymous.enabled` | If `true`, allow anonymous access. | `false` | +| `config.realms.enabled` | If `true`, realms should be configured. | `false` | +| `config.realms.values` | Realm ids to enable, in priority order (see `values.yaml` for available realms). | `[]` | +| `config.roles` | Roles to be configured (see `values.yaml` for structure). | `[]` | +| `config.users` | Users to be configured (see `values.yaml` for structure). | `[]` | +| `config.ldap.enabled` | If `true`, configure LDAP. | `false` | +| `config.ldap.name` | Unique name for the LDAP configuration. | | +| `config.ldap.protocol` | LDAP protocol, either `ldaps` or `ldap`. | `ldaps` | +| `config.ldap.useTrustStore` | Use _Nexus_ trust store for certificate validation. | `true` | +| `config.ldap.connectionTimeoutSeconds` | LDAP connection timeout. | `30` | +| `config.ldap.connectionRetryDelaySeconds` | LDAP connection retry delay. | `300` | +| `config.ldap.maxIncidentsCount` | LDAP connection max incidents. | `3` | +| `config.ldap.host` | LDAP host. | | +| `config.ldap.port` | LDAP port. | `636` | +| `config.ldap.authScheme` | LDAP authentication schema. | `simple` | +| `config.ldap.authUsername` | Username or DN (Distinguished Name) of an LDAP user, used to connect to the LDAP server. | | +| `config.ldap.authPassword.secret` | Secret containing the password to connect to the LDAP server. | | +| `config.ldap.authPassword.key` | The key on the secret containing the password to connect to the LDAP server. | | +| `config.ldap.authRealm` | LDAP authentication realm. | | +| `config.ldap.searchBase` | LDAP search base. | | +| `config.ldap.userBaseDn` | LDAP user base, relative to the search base. | | +| `config.ldap.userSubtree` | If `true`, LDAP users in trees below the user base are valid. | `false` | +| `config.ldap.userObjectClass` | LDAP object class for users. | `user` | +| `config.ldap.userLdapFilter` | LDAP user filter. | | +| `config.ldap.userIdAttribute` | LDAP user id attribute. 
| `sAMAccountName` | +| `config.ldap.userRealNameAttribute` | LDAP user real name attribute. | `cn` | +| `config.ldap.userEmailAddressAttribute` | LDAP user email address attribute. | `email` | +| `config.ldap.userPasswordAttribute` | LDAP user password attribute. | | +| `config.ldap.ldapGroupsAsRoles` | If `true`, LDAP user groups will be treated as a _Nexus_ role. | `false` | +| `config.ldap.groupType` | LDAP group type, either `dynamic` or `static`. | `dynamic` | +| `config.ldap.userMemberOfAttribute` | LDAP user member of attribute, required if `groupType` is `dynamic`. | `memberOf` | +| `config.ldap.groupBaseDn` | LDAP group base, required if `groupType` is `static`. | | +| `config.ldap.groupSubtree` | If `true`, LDAP groups in trees below the group base are valid (only used if `groupType` is `static`). | `false` | +| `config.ldap.groupObjectClass` | LDAP group object class, required if `groupType` is `static`. | | +| `config.ldap.groupIdAttribute` | LDAP group id attribute, required if `groupType` is `static`. | | +| `config.ldap.groupMemberAttribute` | LDAP group member attribute, required if `groupType` is `static`. | | +| `config.ldap.groupMemberFormat` | LDAP group member format, required if `groupType` is `static`. | | +| `config.blobStores` | Blob stores to be configured (see `values.yaml` for structure). | `[]` | +| `config.cleanup` | Cleanup policies to be configured (see `values.yaml` for structure). | `[]` | +| `config.repoCredentials.enabled` | If `true`, use the given secret to provide repo credentials. | `false` | +| `config.repoCredentials.secret` | Secret containing repo credentials, where the key should be the repo name and the value the password. | `[]` | +| `config.repos` | Repos to be configured (see `values.yaml` for structure). | `[]` | +| `config.tasks` | Tasks to be configured (see `values.yaml` for structure). 
| `[]` | +| `testResources` | If `true`, create resources required for testing and enable the resources to be used by the test hook. | `false` | diff --git a/charts/nexus3/templates/configmap-properties.yaml b/charts/nexus3/templates/configmap-properties.yaml index e59a2ea2..034bac41 100644 --- a/charts/nexus3/templates/configmap-properties.yaml +++ b/charts/nexus3/templates/configmap-properties.yaml @@ -7,12 +7,17 @@ metadata: {{- include "nexus3.labels" . | nindent 4 }} data: nexus.properties: | - {{- if .Values.license.enabled }} - nexus.licenseFile=/nexus-data/etc/nexus.license - {{- end }} - {{- if and (not .Values.deployment) .Values.highAvailability.enabled }} +{{- if .Values.license.enabled }} + nexus.licenseFile=/var/opt/sonatype/nexus.license +{{- end }} +{{- if and (not .Values.deployment) .Values.highAvailability.enabled }} nexus.datastore.clustered.enabled=true - {{- end }} - {{- range .Values.properties }} +{{- end }} +{{- range .Values.properties }} {{ . }} - {{- end }} +{{- end }} + + nexus-store.properties: | +{{- range .Values.storeProperties }} + {{ . }} +{{- end }} diff --git a/charts/nexus3/templates/deployment.yaml b/charts/nexus3/templates/deployment.yaml index 0fbfd1e2..5ab93f9d 100644 --- a/charts/nexus3/templates/deployment.yaml +++ b/charts/nexus3/templates/deployment.yaml 
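Review bot: The new `nexus-store.properties` key renders every `storeProperties` entry into a ConfigMap, and the changelog describes this value as the PostgreSQL data store configuration, so a database `password=` line would likely end up in plaintext in the ConfigMap and in the Helm release values. ConfigMaps are usually readable by more principals than Secrets and are not covered by Secret encryption at rest, so I would render this file from a Secret, or accept an existing Secret name the way `license.secret` and `rootPassword.secret` do. The key is also emitted when `storeProperties` is empty; wrapping it in `{{- with .Values.storeProperties }}` … `{{- end }}` would leave the ConfigMap unchanged for installs without an external store. At minimum the `storeProperties` entry in `values.yaml` should carry a comment such as `# Rendered into a ConfigMap; do not put credentials here.`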
@@ -114,9 +114,9 @@ spec: {{- end }} - name: INSTALL4J_ADD_VM_PARAMS {{- if .Values.caCerts.enabled }} - value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=/nexus-data/javaprefs -Djavax.net.ssl.trustStore=/nexus-data/keystores/cacerts %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} + value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs -Djavax.net.ssl.trustStore=${NEXUS_DATA}/keystores/cacerts %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} {{- else }} - value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=/nexus-data/javaprefs %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} + value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} {{- end }} {{- if and .Values.config.enabled (or .Values.rootPassword.secret .Values.config.rootPassword.secret) }} lifecycle: @@ -150,6 +150,16 @@ spec: name: {{ include "nexus3.fullname" . }}-properties subPath: nexus.properties readOnly: true + - mountPath: /nexus-data/etc/fabric/nexus-store.properties + name: {{ include "nexus3.fullname" . }}-properties + subPath: nexus-store.properties + readOnly: true + {{- if .Values.license.enabled }} + - mountPath: /var/opt/sonatype/nexus.license + name: license + subPath: {{ .Values.license.key }} + readOnly: true + {{- end }} {{- if .Values.plugins }} - mountPath: /opt/sonatype/nexus/deploy name: nexus-deploy 
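Review bot: `${NEXUS_DATA}` in the two `INSTALL4J_ADD_VM_PARAMS` values is not a form Kubernetes expands; only `$(VAR)` references to variables defined earlier in the same `env` list are substituted, so the string reaches the container literally. Unless the image's launcher expands it, `-Djavax.net.ssl.trustStore` and `-Djava.util.prefs.userRoot` may point at a path that does not exist, and the CA bundle selected by `caCerts.enabled` would not be the one the JVM loads. The mounts added further down this file still hard-code `/nexus-data/...`, so I would either keep the literal `/nexus-data/keystores/cacerts` here or confirm the expansion against a running pod and record it in a comment such as `# ${NEXUS_DATA} is expanded by the image's start script, not by Kubernetes`. The same applies to the `@@ -107,9 +107,9 @@` hunk in `statefulset.yaml`. The `env` list starts outside this hunk.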
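Review bot: The `nexus-store.properties` mount at `/nexus-data/etc/fabric/` is added unconditionally, so every install, including those with the default `storeProperties: []`, gets a read-only and presumably empty file placed via `subPath` inside the data directory. I would gate it like the license mount below it, `{{- if .Values.storeProperties }}` … `{{- end }}`, so installs without an external store keep their current layout. `subPath` mounts are not refreshed when the ConfigMap changes, so a pod restart is needed after editing the value, which is worth a line in the README. The same unconditional mount is added in the `@@ -153,8 +153,12 @@` hunk of `statefulset.yaml`. The `volumeMounts` list starts and ends outside this hunk.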
@@ -185,6 +195,11 @@ spec: {{- else }} emptyDir: {} {{- end }} + {{- if .Values.license.enabled }} + - name: license + secret: + secretName: {{ .Values.license.secret }} + {{- end }} {{- if .Values.caCerts.enabled }} - name: nexus3-cas secret: diff --git a/charts/nexus3/templates/statefulset.yaml b/charts/nexus3/templates/statefulset.yaml index 02bb4749..449cac00 100644 --- a/charts/nexus3/templates/statefulset.yaml +++ b/charts/nexus3/templates/statefulset.yaml @@ -107,9 +107,9 @@ spec: env: - name: INSTALL4J_ADD_VM_PARAMS {{- if .Values.caCerts.enabled }} - value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=/nexus-data/javaprefs -Djavax.net.ssl.trustStore=/nexus-data/keystores/cacerts %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} + value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs -Djavax.net.ssl.trustStore=${NEXUS_DATA}/keystores/cacerts %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} {{- else }} - value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=/nexus-data/javaprefs %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} + value: {{ printf "-Xms%s -Xmx%s %s -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs %s" .Values.envVars.jvmMinHeapSize .Values.envVars.jvmMaxHeapSize .Values.envVars.jvmAdditionalMemoryOptions .Values.envVars.jvmAdditionalOptions | quote }} {{- end }} {{- if or .Values.rootPassword.secret .Values.config.rootPassword.secret }} - name: NEXUS_SECURITY_INITIAL_PASSWORD 
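Review bot: `secretName: {{ .Values.license.secret }}` is rendered unchecked and unquoted, so `license.enabled: true` with the default empty `license.secret` produces a volume without a secret name and the failure only surfaces when the manifest is applied. I would fail at template time instead with `secretName: {{ required "license.secret is required when license.enabled is true" .Values.license.secret | quote }}`. The `volumes` list starts and ends outside this hunk.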
@@ -153,8 +153,12 @@ spec: name: {{ include "nexus3.fullname" . }}-properties subPath: nexus.properties readOnly: true - {{- if .Values.license.enabled}} - - mountPath: /nexus-data/etc/nexus.license + - mountPath: /nexus-data/etc/fabric/nexus-store.properties + name: {{ include "nexus3.fullname" . }}-properties + subPath: nexus-store.properties + readOnly: true + {{- if .Values.license.enabled }} + - mountPath: /var/opt/sonatype/nexus.license name: license subPath: {{ .Values.license.key }} readOnly: true diff --git a/charts/nexus3/values.yaml b/charts/nexus3/values.yaml index 27080669..9769da08 100644 --- a/charts/nexus3/values.yaml +++ b/charts/nexus3/values.yaml @@ -30,7 +30,7 @@ deployment: true # Be aware that you need to fulfill a few prerequisites for a HA deployment. Please check sonatype documentation! highAvailability: enabled: false - replicas: 2 + replicas: 3 podLabels: {} podAnnotations: {} @@ -163,6 +163,8 @@ properties: - nexus.scripts.allowCreation=true # - nexus.golang.hosted=true +storeProperties: [] + plugins: [] # - name: nexus-repository-composer # url: https://repo1.maven.org/maven2/org/sonatype/nexus/plugins/nexus-repository-composer/0.0.29/nexus-repository-composer-0.0.29-bundle.kar