Kubernetes/OpenShift Provisioning Plugin For Sonatype Nexus
- Allow for BlobStores to be configured using ConfigMap objects labelled `nexus-type==blobstore`
- Allow for Repositories to be configured using ConfigMap objects labelled `nexus-type==repository`
- Allow for Admin password to be configured using Secret object named `nexus`
You can copy the bundle to `/opt/sonatype/nexus/deploy` on any running Nexus container, but it would not be persistent across restarts.
The simplest option is to build a new container image based on the sonatype/nexus3 container and add the bundle JAR file to the new image.
Here's how to create a container image:
```bash
## The Dockerfiles are set to install from the GitHub Releases, no compilation required
docker build -t nexus-kubernetes -f Dockerfile .
docker build -t nexus-openshift -f Dockerfile.rhel7 .
```
NOTE: To build the OpenShift image, you MUST have access to registry.connect.redhat.com and have Docker configured to authenticate to that registry.
For the most part, you should NOT need to do anything to configure this plugin. It will detect if it is running inside of a Kubernetes/OpenShift cluster and default to using the service account settings and environment variables defined in the Pod/Container. If you need to run this outside of a cluster but want to point at K8s API for configuration, you can assume the code will:
- If $KUBECONFIG is defined, use that config file.
- If $HOME/.kube/config can be found, use that.
- If the in-cluster service account can be found, assume in cluster config.
- Default to localhost:8080 as a last resort.
The Admin password can be set using a Secret named `nexus` which contains a key called `password`. For example:
```yaml
apiVersion: v1
stringData:
  password: <MY SUPER SECRET PASSWORD>
kind: Secret
metadata:
  name: nexus
  namespace: labs-ci-cd
type: Opaque
```
Right now, this ONLY supports File blobstores. Perhaps later, S3 blobstores can be supported.
```yaml
apiVersion: v1
data:
  type: 'File'
kind: ConfigMap
metadata:
  name: my-blobstore
  namespace: labs-ci-cd
  labels:
    nexus-type: blobstore
```
Nexus supports a number of different repository types, and each one has different required settings.
```yaml
apiVersion: v1
data:
  recipe: 'MavenProxy'
  remoteUrl: 'https://repo.maven.apache.org/maven2/'
  blobStoreName: 'default'
  strictContentTypeValidation: 'true'
  versionPolicy: 'RELEASE'
  layoutPolicy: 'STRICT'
kind: ConfigMap
metadata:
  name: maven-central
  namespace: labs-ci-cd
  labels:
    nexus-type: repository
```
More example ConfigMaps can be seen HERE
There are a few enumerated data types which you need to know as well:
Type | Allowed Values |
---|---|
WritePolicy | ALLOW, ALLOW_ONCE, DENY |
VersionPolicy | RELEASE, SNAPSHOT, MIXED |
LayoutPolicy | STRICT, PERMISSIVE |
Listed below are the fields required for each repository type:
| Repository Type | Field | Type | Required | Default Value |
|---|---|---|---|---|
| AptHosted | description | String | false | <N/A> |
| | pgpPrivateKey | String | false | <N/A> |
| | pgpPassPhrase | String | false | <N/A> |
| | blobStoreName | String | true | default |
| | writePolicy | WritePolicy | true | ALLOW |
| | strictContentTypeValidation | boolean | true | true |
| AptProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | distribution | String | false | <N/A> |
| | strictContentTypeValidation | boolean | true | true |
| BowerGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| BowerHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| BowerProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | rewritePackageUrls | boolean | true | true |
| DockerGroup | httpPort | Integer | false | <N/A> |
| | httpsPort | Integer | false | <N/A> |
| | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | v1Enabled | boolean | true | true |
| | blobStoreName | String | true | default |
| | forceBasicAuth | boolean | true | true |
| DockerHosted | httpPort | Integer | false | <N/A> |
| | httpsPort | Integer | false | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | v1Enabled | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| | forceBasicAuth | boolean | true | true |
| DockerProxy | remoteUrl | String | true | <N/A> |
| | indexType | String | true | REGISTRY (Can be REGISTRY, HUB, CUSTOM; CUSTOM requires setting indexUrl below) |
| | indexUrl | String | false | <N/A> |
| | httpPort | Integer | false | <N/A> |
| | httpsPort | Integer | false | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | v1Enabled | boolean | true | true |
| GitLfsHosted | blobStoreName | String | null | <N/A> |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| GolangGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| GolangHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| GolangProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| MavenGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| MavenHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | versionPolicy | VersionPolicy | true | RELEASE |
| | writePolicy | WritePolicy | true | ALLOW_ONCE |
| | layoutPolicy | LayoutPolicy | true | STRICT |
| MavenProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | versionPolicy | VersionPolicy | true | RELEASE |
| | layoutPolicy | LayoutPolicy | true | STRICT |
| NpmGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| NpmHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| NpmProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| NugetGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| NugetHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| NugetProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| PyPiGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| PyPiHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| PyPiProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| RawGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| RawHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| RawProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| RubygemsGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| RubygemsHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| RubygemsProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| YumGroup | members | List<String> (comma-separated list of repositories) | false | <N/A> |
| | blobStoreName | String | true | default |
| YumHosted | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
| | writePolicy | WritePolicy | true | ALLOW |
| | depth | Integer | true | <N/A> |
| YumProxy | remoteUrl | String | true | <N/A> |
| | blobStoreName | String | true | default |
| | strictContentTypeValidation | boolean | true | true |
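
A pre-apply lint for repository ConfigMaps, as an added example that is not part of the plugin: `SPEC` transcribes three recipes from the table above, and `valid`, `lint`, `SPEC` and the sample `BAD` are names made up here. It assumes enum and boolean values are matched case-sensitively and that a field with a listed default may be omitted.

```python
# Added example: lint a repository ConfigMap (parsed into a dict) against the
# field table. SPEC covers three recipes only, transcribed from that table.
ENUMS = {"WritePolicy": {"ALLOW", "ALLOW_ONCE", "DENY"},
         "VersionPolicy": {"RELEASE", "SNAPSHOT", "MIXED"},
         "LayoutPolicy": {"STRICT", "PERMISSIVE"}}
# field -> (type, required, default); default None is "<N/A>" in the table.
COMMON = {"blobStoreName": ("String", True, "default"),
          "strictContentTypeValidation": ("boolean", True, "true")}
MAVEN = {**COMMON, "versionPolicy": ("VersionPolicy", True, "RELEASE"),
         "layoutPolicy": ("LayoutPolicy", True, "STRICT")}
SPEC = {"MavenProxy": {**MAVEN, "remoteUrl": ("String", True, None)},
        "MavenHosted": {**MAVEN, "writePolicy": ("WritePolicy", True, "ALLOW_ONCE")},
        "NpmProxy": {**COMMON, "remoteUrl": ("String", True, None)}}

def valid(kind, value):
    """True if `value` is an acceptable string form of table type `kind`."""
    if not isinstance(value, str):
        return False  # ConfigMap data is map[string]string: quote true/false
    if kind == "boolean":
        return value in ("true", "false")  # assumption: lowercase only
    if kind in ENUMS:
        return value in ENUMS[kind]
    return value != ""

def lint(cm):
    """Return a list of findings for one ConfigMap dict; empty means clean."""
    out = []
    if cm.get("metadata", {}).get("labels", {}).get("nexus-type") != "repository":
        out.append("metadata.labels: nexus-type=repository missing")
    data = cm.get("data", {})
    fields = SPEC.get(data.get("recipe"))
    if fields is None:
        return out + [f"recipe: {data.get('recipe')!r} not covered by SPEC"]
    for name, (kind, required, default) in fields.items():
        if name not in data:
            if required and default is None:
                out.append(f"{name}: required and has no default")
        elif not valid(kind, data[name]):
            out.append(f"{name}: {data[name]!r} is not a valid {kind}")
    unknown = sorted(data.keys() - fields.keys() - {"recipe"})
    return out + [f"{n}: not a documented field" for n in unknown]

# Constructed sample: lowercase enum, unquoted boolean, typo'd key, no label.
BAD = {"metadata": {"name": "releases"},
       "data": {"recipe": "MavenHosted", "writePolicy": "allow",
                "strictContentTypeValidation": True, "blobstoreName": "default"}}

if __name__ == "__main__":
    print("\n".join(lint(BAD)))
```

The misspelled `blobstoreName` key is the case worth noticing: the real `blobStoreName` is then absent, so the repository would land in the `default` blobstore rather than the intended one.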
- Java >= 1.8
- Maven >= 3.3
- Maven Settings configured to use Sonatype Public Grid
```xml
<settings>
  <profiles>
    <profile>
      <id>default</id>
      <repositories>
        <repository>
          <id>nexus-public-grid</id>
          <name>nexus-public-grid</name>
          <url>https://repository.sonatype.org/content/groups/sonatype-public-grid/</url>
          <releases/>
        </repository>
        <repository>
          <id>central</id>
          <name>central</name>
          <url>https://repo.maven.apache.org/maven2/</url>
          <releases/>
        </repository>
      </repositories>
    </profile>
  </profiles>
  <activeProfiles>
    <activeProfile>default</activeProfile>
  </activeProfiles>
</settings>
```
```bash
mvn clean package bundle:bundle
```
The BUNDLE jar file will be output in the project's root directory.