Sonatype Nexus Repository Manager (NXRM) Documentation💣
Table of Contents💣
- NXRM SSO Integration
- NXRM High Availability
- NXRM Storage
- NXRM Database
- NXRM Dependent Packages
- NXRM BigBang Caveats, Notes, etc.
Iron Bank💣
You can pull
the Iron Bank image here and view the container approval here.
Helm💣
Please reference complete list of providable variables here
git clone https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus-repository-manager.git
helm install nexus-repository-manager chart
BigBang Additions, Comments, and Important Information💣
Random Admin Password💣
NXRM’s upstream chart ships with a standardized password and an optional values parameter to randomize a password. The
problem with this approach it the user would be required to exec
into the pod to retrieve the password. We are
leveraging the existing nexus.env['NEXUS_SECURITY_RANDOMPASSWORD']
item to force the creation of the random password
on the pod. However, we are generating a random password via randAlphaNum
and creating a Kubernetes secret. This
method allows us to overwrite the generated file containing the Nexus generated random password with a Kubernetes
secret to enable programmatic ingestion.
If you change the admin user’s password via the UI you also must update the secret. Failure to do so will result in proxy/saml job failures on subsequent upgrades.
Ensure the following is present to enable the randomized Kubernetes password:
# values.yaml
nexus:
env:
- name: NEXUS_SECURITY_RANDOMPASSWORD
key: "true"
...
secret:
enabled: true
mountPath: /nexus-data/admin.password
subPath: admin.password
readOnly: true
Nexus Package Upgrades💣
If you are upgrading from versions prior to 42.0.0-bb.4
there are considerations to make for upgrade paths and inclusion of new values. In 42.0.0-bb.4
this package was updated to change the user for metrics collection basicAuth
from admin
to a metrics
user. This was in an effort to reduce the permissions of the user with credentials stored in kubernetes.
New Installation💣
The recommended process for new installations of this package include:
- set
.Values.monitoring.serviceMonitor.createMetricsUser
totrue
- set
.Values.secret.enabled
totrue
- reconcile the package and ensure the target in prometheus for nexus is
UP
- set
.Values.monitoring.serviceMonitor.createMetricsUser
tofalse
- set
.Values.secret.enabled
tofalse
- This will remove the admin credentials secret from persisting in the cluster.
Package Upgrade💣
The recommended process for upgrading an existing installation include:
- set
.Values.monitoring.serviceMonitor.createMetricsUser
totrue
- set
.Values.secret.enabled
totrue
- set
.Values.custom_admin_password
to your current admin password - set
.Values.monitoring.serviceMonitor.createMetricsUser
tofalse
- set
.Values.secret.enabled
tofalse
- This will remove the admin credentials secret from persisting in the cluster.
License💣
We expect you to secure your license; the license will be provided as a binary. Encode the binary file as a base64
encoded string, secure with sops, and place in .Values.addons.nexusRepositoryManager.license_key
. The _helpers.tpl
will create a named template and generate the appropriate secret within the namespace. The chart will reference the
license via a secret volumeMount to ensure the application starts licensed.
NXRM Dependent Packages💣
Nexus IQ Server requires Nexus Repository Manager.