Skip to main content
Version: 3.10

Sonatype Nexus Repository OSS Integration

This documentation guide provides comprehensive instructions for integrating Sonatype Nexus Repository OSS (Nexus) with KubeRocketCI.

Prerequisites​

Before proceeding, ensure the following prerequisites are met:

Installation​

To install Nexus in environment, it's recommended to use the resources provided in the Cluster Add-Ons repository. This approach involves installing both the Nexus repository manager and the nexus-operator. Leveraging the Cluster Add-Ons simplifies the deployment and management process, providing a streamlined method to integrate Nexus into infrastructure.

  1. Nexus Repository Manager: First, navigate to the forked cluster Add-Ons repository and align the nexus values.yaml and nexus-operator values.yaml files. Follow the instructions to deploy Nexus, ensuring it's correctly configured to serve as artifact repository.

  2. Update the configuration to enable nexus and nexus-operator in Add-Ons repository:

    clusters/core/apps/values.yaml
    nexus:
    createNamespace: true
    enable: true

    nexus-operator:
    createNamespace: true
    enable: true
  3. Sync resources and wait till the all nexus and nexus-operator resources is created:

    Nexus ArgoCD applications

  4. Sign In into Nexus Repository Manager using the default credentials Username: admin and Password: admin123 and update the default password for better security:

    Nexus change password

Configuration​

With Add-ons approach nexus-operator create the necessary roles,Service Account ci.user, blob stores, repository, scripts, cleanup policies automatically. Below is a comprehensive guide on how to create all resources manually.

Configuration Nexus Repository Manager with nexus-operator​

  1. Create a Kubernetes Secret that the nexus-operator will use to connect to the Nexus Repository Manager and create all resources:
apiVersion: v1
kind: Secret
metadata:
name: nexus-admin-password
namespace: nexus
type: Opaque
data:
user: YWRtaW4= # base64-encoded value of "admin"
password: cGFzcw== # base64-encoded value of "pass"
  1. Create a secret using manifests or with External Secrets Operator to enable the edp-nexus-operator to connect to the Nexus Repository Manager for provisioning:
apiVersion: v1
kind: Secret
metadata:
name: ci-nexus
namespace: nexus
type: Opaque
stringData:
password: <nexus-user-password>

Configuration Nexus Repository Manager without nexus-operator​

Without using the nexus-operator, manual updates are required for the Helm chart values of the Nexus Repository Manager, as well as the creation of blob stores, repositories, roles, and the Service Account ci.user:

  1. Create blob store. Open the Nexus UI and navigate to Server administration and configuration -> Repository -> Blob Stores and click Create Blob Store, fill the following fields and click Save button:

    • Type: File
    • Name: edp-maven
  2. KubeRocketCI operates using a specific repository naming convention, where all repository names adhere to predefined standards. To align with this, navigate to Server administration and configuration -> Repository -> Repositories within Nexus. Here, repository creation is limited to those that match the required programming language, ensuring consistency and compliance with the KubeRocketCI framework.

    Nexus repository list

    a) Click Create a repository by selecting maven2(proxy) fill the following fields and click Create repository:

    • Name edp-maven-proxy
    • Remote storage URL https://repo1.maven.org/maven2/
    • Blob store edp-maven
    • HTTP request settings check
    • Use-agent customization user-agent-suffix
    • Connection retries 10
    • Connection timeout 1440

    b) Click Create a repository by selecting maven2(hosted) fill the following fields and click Create repository:

    • Name edp-maven-snapshots
    • Version policy snapshots
    • Blob store edp-maven

    c) Click Create a repository by selecting maven2(hosted) fill the following fields and click Create repository:

    • Name edp-maven-releases
    • Version policy release
    • Blob store edp-maven

    d) Click Create a repository by selecting maven2(group) fill the following fields and click Create repository:

    • Name edp-maven-group
    • Version policy release
    • Member repositories edp-maven-proxy, edp-maven-snapshots, edp-maven-releases
  3. Open the Nexus UI and navigate to Server administration and configuration -> Security -> Roles. Click the Create Role button, fill the following fields and click Save button:

    • Type: Nexus role
    • Role ID: krci-admin
    • Role Name: krci-admin
    • Role Descriptions: Read and write access to all repos and scripts
    • Applied Privileges: nx-apikey-all, nx-repository-view-*-*-add, nx-repository-view-*-*-browse,nx-repository-view-*-*-edit, nx-repository-view-*-*-read, nx-script-*-add, nx-script-*-delete, nx-script-*-read, nx-script-*-run

    Roles settings

  4. Create repository Service Account ci.user. Open the Nexus UI and navigate to Server administration and configuration -> Security -> User. Click the Create local user button to create a new user:

    Nexus user settings

  5. Type the ci.user username, fill the following fields and click the Create local user button to create the *Service Account, fill the following fields and click Save button::

    • ID: ci.user
    • First name: ci.user
    • Last name: CI
    • Email: ci.user@krci.com
    • Password: <nexus-user-password>
    • Status: Active
    • Roles: krci-admin

    Nexus create user

Integration Nexus Repository Manager with KubeRocketCI​

For provision secret using manifest, KubeRocketCI portal or with the externalSecrets operator:

Go to Portal -> Configuration -> ARTIFACTS STORAGE -> NEXUS. Update or click + ADD INTEGRATION fill the following fields and click the SAVE button:

  • Quick link URL https://nexus.example.com
  • URL http://nexus.nexus:8081
  • User nexus-user-id
  • Password nexus-user-password

Nexus update manual secret