Sonatype Nexus Repository Manager (NXRM) Documentationπ
Table of Contentsπ
- NXRM SSO Integration
- NXRM High Availability
- NXRM Storage
- NXRM Database
- NXRM Dependent Packages
- NXRM BigBang Caveats, Notes, etc.
Iron Bankπ
You can pull
the Iron Bank image here and view the container approval here.
Helmπ
Please reference complete list of providable variables here
git clone https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus-repository-manager.git
helm install nexus-repository-manager chart
BigBang Additions, Comments, and Important Informationπ
Random Admin Passwordπ
NXRMβs upstream chart ships with a standardized password and an optional values parameter to randomize a password. The
problem with this approach it the user would be required to exec
into the pod to retrieve the password. We are
leveraging the existing nexus.env['NEXUS_SECURITY_RANDOMPASSWORD']
item to force the creation of the random password
on the pod. However, we are generating a random password via randAlphaNum
and creating a Kubernetes secret. This
method allows us to overwrite the generated file containing the Nexus generated random password with a Kubernetes
secret to enable programmatic ingestion.
If you change the admin userβs password via the UI you also must update the secret. Failure to do so will result in proxy/saml job failures on subsequent upgrades.
Ensure the following is present to enable the randomized Kubernetes password:
# values.yaml
nexus:
env:
- name: NEXUS_SECURITY_RANDOMPASSWORD
key: "true"
...
secret:
enabled: true
mountPath: /nexus-data/admin.password
subPath: admin.password
readOnly: true
Prometheusπ
See PROMETHEUS.MD for information about integration with Prometheus.
Licenseπ
We expect you to secure your license; the license will be provided as a binary. Encode the binary file as a base64
encoded string, secure with sops, and place in .Values.addons.nexusRepositoryManager.license_key
. The _helpers.tpl
will create a named template and generate the appropriate secret within the namespace. The chart will reference the
license via a secret volumeMount to ensure the application starts licensed.
NXRM Dependent Packagesπ
Nexus IQ Server requires Nexus Repository Manager.