Sonatype Nexus Repository OSS Integration
This documentation guide provides comprehensive instructions for integrating Sonatype Nexus Repository OSS (Nexus) with KubeRocketCI.
Prerequisites​
Before proceeding, ensure that you have the following prerequisites:
- Kubectl version 1.26.0+ is installed. Please refer to the Kubernetes official website for details.
- Helm version 3.14.0+ is installed. Please refer to the Helm page on GitHub for details.
Installation​
To install Nexus in your environment, it's recommended to use the resources provided in the Cluster Add-Ons repository. This approach involves installing both the Nexus repository manager and the nexus-operator. Leveraging the Cluster Add-Ons simplifies the deployment and management process, providing a streamlined method to integrate Nexus into your infrastructure.
-
Nexus Repository Manager: First, navigate to the Nexus section within the KubeRocketCI Cluster Add-Ons repository. Follow the instructions to deploy Nexus, ensuring it's correctly configured to serve as your artifact repository.
-
Nexus-Operator: Then, proceed with the nexus-operator installation. The operator facilitates easier management and automation of Nexus, allowing for seamless updates, configuration changes, and monitoring.
Configuration​
To guarantee robust authentication and precise access control within the platform ecosystem, it's essential to establish a Service Account named ci.user. This account acts as a distinct identifier, enabling seamless integration and secure communication across the KubeRocketCI environment.
To create the Nexus ci.user and define repository parameters follow the steps below:
-
Open the Nexus UI and navigate to Server administration and configuration -> Security -> User. Click the
Create local userbutton to create a new user:
-
Type the
ci-userusername, define an expiration period, and click theGeneratebutton to create the token:
-
KubeRocketCI operates using a specific repository naming convention, where all repository names adhere to predefined standards. To align with this, navigate to Server administration and configuration -> Repository -> Repositories within Nexus. Here, repository creation is limited to those that match the required programming language, ensuring consistency and compliance with the KubeRocketCI framework.
- Java
- JavaScript
- DotNet
- Python
a) Click Create a repository by selecting "maven2(proxy)" and set the name as "edp-maven-proxy". Enter the remote storage URL as "https://repo1.maven.org/maven2/". Save the configuration.
b) Click Create a repository by selecting "maven2(hosted)" and set the name as "edp-maven-snapshot". Change the Version policy to "snapshot". Save the configuration.
c) Click Create a repository by selecting "maven2(hosted)" and set the name as "edp-maven-releases". Change the Version policy to "release". Save the configuration.
d) Click Create a repository by selecting "maven2(group)" and set the name as "edp-maven-group". Change the Version policy to "release". Add repository to group. Save the configuration.
a) Click Create a repository by selecting "npm(proxy)" and set the name as "edp-npm-proxy". Enter the remote storage URL as "https://registry.npmjs.org". Save the configuration.
b) Click Create a repository by selecting "npm(hosted)" and set the name as "edp-npm-snapshot". Save the configuration.
c) Click Create a repository by selecting "npm(hosted)" and set the name as "edp-npm-releases". Save the configuration.
d) Click Create a repository by selecting "npm(hosted)" and set the name as "edp-npm-hosted". Save the configuration.
e) Click Create a repository by selecting "npm(group)" and set the name as "edp-npm-group". Add repository to group. Save the configuration.
a) Click Create a repository by selecting "nuget(proxy)" and set the name as "edp-dotnet-proxy". Select Protocol version NuGet V3. Enter the remote storage URL as "https://api.nuget.org/v3/index.json". Save the configuration.
b) Click Create a repository by selecting "nuget(hosted)" and set the name as "edp-dotnet-snapshot". Save the configuration.
c) Click Create a repository by selecting "nuget(hosted)" and set the name as "edp-dotnet-releases". Save the configuration.
d) Click Create a repository by selecting "nuget(hosted)" and set the name as "edp-dotnet-hosted". Save the configuration.
e) Click Create a repository by selecting "nuget(group)" and set the name as "edp-dotnet-group". Add repository to group. Save the configuration.
a) Click Create a repository by selecting "pypi(proxy)" and set the name as "edp-python-proxy". Enter the remote storage URL as "https://pypi.org". Save the configuration.
b) Click Create a repository by selecting "pypi(hosted)" and set the name as "edp-python-snapshot". Save the configuration.
c) Click Create a repository by selecting "pypi(hosted)" and set the name as "edp-python-releases". Save the configuration.
d) Click Create a repository by selecting "pypi(group)" and set the name as "edp-python-group". Add repository to group. Save the configuration.
-
Provision secrets using manifest, EDP Portal or with the externalSecrets operator
- UI Portal
- Manifests
- External Secrets Operator
Go to Portal -> Configuration -> ARTIFACTS STORAGE -> NEXUS. Update or click + ADD INTEGRATION fill in the URL, nexus-user-id, nexus-user-password and click the Save button:
apiVersion: v1
kind: Secret
metadata:
name: ci-nexus
namespace: edp
labels:
app.edp.epam.com/secret-type: nexus
app.edp.epam.com/integration-secret: "true"
type: Opaque
stringData:
url: https://nexus.example.com
username: <nexus-user-id>
password: <nexus-user-password>
"ci-nexus":
{
"url": "https://nexus.example.com",
"username": "XXXXXXX",
"password": "XXXXXXX"
},
Go to Portal -> Configuration -> ARTIFACTS STORAGE -> NEXUS and see Managed by External Secret message.
More detail of External Secrets Operator Integration can found on the following page