Sonatype Nexus Repository Manager (NXRM) Documentationπ
Table of Contentsπ
- NXRM SSO Integration
- NXRM High Availability
- NXRM Storage
- NXRM Database
- NXRM Dependent Packages
- NXRM BigBang Caveats, Notes, etc.
Iron Bankπ
You can pull
the Iron Bank image here and view the container approval here.
Helmπ
Please reference complete list of providable variables here
git clone https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus-repository-manager.git
helm install nexus-repository-manager chart
BigBang Additions, Comments, and Important Informationπ
Random Admin Passwordπ
NXRMβs upstream chart ships with a standardized password and an optional values parameter to randomize a password. The
problem with this approach it the user would be required to exec
into the pod to retrieve the password. We are
leveraging the existing nexus.env['NEXUS_SECURITY_RANDOMPASSWORD']
item to force the creation of the random password
on the pod. However, we are generating a random password via randAlphaNum
and creating a Kubernetes secret. This
method allows us to overwrite the generated file containing the Nexus generated random password with a Kubernetes
secret to enable programmatic ingestion.
Ensure the following is present to enable the randomized Kubernetes password:
# values.yaml
nexus:
env:
- name: NEXUS_SECURITY_RANDOMPASSWORD
key: "true"
...
secret:
enabled: true
mountPath: /nexus-data/admin.password
subPath: admin.password
readOnly: true
Licenseπ
We expect you to secure your license; the license will be provided as a binary. Encode the binary file as a base64
encoded string, secure with sops, and place in .Values.addons.nexusRepositoryManager.license_key
. The _helpers.tpl
will create a named template and generate the appropriate secret within the namespace. The chart will reference the
license via a secret volumeMount to ensure the application starts licensed.
NXRM Dependent Packagesπ
Nexus IQ Server requires Nexus Repository Manager.