Sonatype Nexus Repository Manager (NXRM) Documentation💣
Table of Contents💣
- NXRM SSO Integration
- NXRM High Availability
- NXRM Storage
- NXRM Database
- NXRM Dependent Packages
- NXRM BigBang Caveats, Notes, etc.
Iron Bank💣
You can pull
the Iron Bank image here and view the container approval here.
Helm💣
Please reference complete list of providable variables here
git clone https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus-repository-manager.git
helm install nexus-repository-manager chart
BigBang Additions, Comments, and Important Information💣
Random Admin Password💣
NXRM’s upstream chart ships with a standardized password and an optional values parameter to randomize a password. The
problem with this approach it the user would be required to exec
into the pod to retrieve the password. We are
leveraging the existing nexus.env['NEXUS_SECURITY_RANDOMPASSWORD']
item to force the creation of the random password
on the pod. However, we are generating a random password via randAlphaNum
and creating a Kubernetes secret. This
method allows us to overwrite the generated file containing the Nexus generated random password with a Kubernetes
secret to enable programmatic ingestion.
Ensure the following is present to enable the randomized Kubernetes password:
# values.yaml
nexus:
env:
- name: NEXUS_SECURITY_RANDOMPASSWORD
key: "true"
...
secret:
enabled: true
mountPath: /nexus-data/admin.password
subPath: admin.password
readOnly: true
License💣
We expect you to secure your license; the license will be provided as a binary. Encode the binary file as a base64
encoded string, secure with sops, and place in .Values.addons.nexusRepositoryManager.license_key
. The _helpers.tpl
will create a named template and generate the appropriate secret within the namespace. The chart will reference the
license via a secret volumeMount to ensure the application starts licensed.
NXRM Dependent Packages💣
Nexus IQ Server requires Nexus Repository Manager.