Merge branch 'nexus' into 'master'

Nexus

Closes #332 and #257

See merge request platform-one/big-bang/bigbang!445

Packages.md

@@ -31,10 +31,12 @@
 | ----    | ---  |
 | [Gitlab](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab)  | ![Gitlab Build](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/badges/main/pipeline.svg)    |
 | [Gitlab Runner](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner) |  ![Gitlab Runner Build](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner/badges/main/pipeline.svg) |
+| [Nexus](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus) |  ![Nexus](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/badges/main/pipeline.svg) |
 | [Sonarqube](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube) |  ![Sonarqube](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/badges/main/pipeline.svg) |
 
 
 
+
 ## Collaboration Tools
 
 | Package | Status |

chart/Chart.yaml

@@ -25,4 +25,4 @@ maintainers:
   - name: Josh Wolf
     email: josh@rancherfederal.com
 
-icon: https://p1.dso.mil/img/Big_Bang_Color_Logo_White_text.b04263b1.png
+icon: https://p1.dso.mil/img/Big_Bang_Color_Logo_White_text.b04263b1.png
\ No newline at end of file

chart/templates/nexus-repository-manager/gitrepository.yaml

+{{- if .Values.addons.nexus.enabled  }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: nexus-repository-manager
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: nexus-repository-manager
+    app.kubernetes.io/component: "developer-tools"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.addons.nexus.git.repo }}
+  ref:
+    {{- include "validRef" .Values.addons.nexus.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}

chart/templates/nexus-repository-manager/imagepullsecret.yaml

+{{- if .Values.addons.nexus.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: nexus-repository-manager
+  labels:
+    app.kubernetes.io/name: "nexus-repository-manager"
+    app.kubernetes.io/component: "developer-tools"
+    {{- include "commonLabels" . | nindent 4}} 
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}

chart/templates/nexus-repository-manager/namespace.yaml

+{{- if .Values.addons.nexus.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: nexus-repository-manager
+  labels:
+    {{- if .Values.istio.enabled }}
+    istio-injection: enabled
+    {{- end }}
+    app.kubernetes.io/name: "nexus-repository-manager"
+    app.kubernetes.io/component: "developer-tools"
+    {{- include "commonLabels" . | nindent 4}}
+{{- end }}

chart/templates/nexus-repository-manager/nexus-repository-manager-helmrelease.yaml

+{{- $fluxSettingsNexus := merge .Values.addons.nexus.flux .Values.flux -}}
+{{- if .Values.addons.nexus.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: nexus-repository-manager
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: "nexus-repository-manager"
+    app.kubernetes.io/component: "developer-tools"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  targetNamespace: nexus-repository-manager
+  releaseName: nexus-repository-manager
+  interval: 10m
+  chart:
+    spec:
+      chart: {{ .Values.addons.nexus.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: nexus-repository-manager
+        namespace: {{ .Release.Namespace }}
+
+  {{- toYaml $fluxSettingsNexus | nindent 2 }}
+
+  valuesFrom:
+    - name: {{ .Release.Name }}-nexus-repository-manager-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-nexus-repository-manager-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-nexus-repository-manager-values
+      kind: Secret
+      valuesKey: "overlays"
+
+  {{ if or .Values.istio.enabled .Values.monitoring.enabled }}
+  dependsOn:
+  {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- end }}
+{{- end }}

chart/templates/nexus-repository-manager/values.yaml

+{{- if .Values.addons.nexus.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.addons.nexus "name" "nexus-repository-manager" "defaults" (include "bigbang.defaults.nexus-repository-manager" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.nexus-repository-manager" -}}
+domain: {{ .Values.hostname }}
+hostname: nexus
+istio:
+  enabled: {{ .Values.istio.enabled }}
+
+monitoring:
+  enabled: {{ .Values.monitoring.enabled }}
+
+nexus:
+  imagePullSecrets:
+    - name: private-registry
+
+license_key: "{{ .Values.addons.nexus.license_key }}"
+
+{{- if .Values.addons.nexus.sso.enabled }}
+sso:
+  enabled: {{ .Values.addons.nexus.sso.enabled }}
+  idp_data:
+    entityId: "https://nexus.{{ .Values.hostname }}/service/rest/v1/security/saml/metadata"
+    usernameAttribute: "{{ .Values.addons.nexus.sso.idp_data.username }}"
+    firstNameAttribute: "{{ .Values.addons.nexus.sso.idp_data.firstName }}"
+    lastNameAttribute: "{{ .Values.addons.nexus.sso.idp_data.lastName }}"
+    emailAttribute: "{{ .Values.addons.nexus.sso.idp_data.email }}"
+    groupsAttribute: "{{ .Values.addons.nexus.sso.idp_data.groups }}"
+    validateResponseSignature: "true"
+    validateAssertionSignature: "true"
+    idpMetadata: '{{ .Values.addons.nexus.sso.idp_data.idpMetadata }}'
+  realm:
+    - "NexusAuthenticatingRealm"
+    - "NexusAuthorizingRealm"
+    - "SamlRealm"
+  role:
+    id: "keycloak"
+    name: "keycloak"
+    description: "all keycloak users as admins"
+    privileges:
+      - "nx-all"
+    roles:
+      - "nx-admin"
+{{- end }}
+{{- end -}}

chart/values.yaml

@@ -302,7 +302,7 @@ fluentbit:
   # -- Flux reconciliation overrides specifically for the Fluent-Bit Package
   flux: {}
 
-  # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git  
+  # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
   values: {}
 
   # -- Post Renderers.  See docs/postrenders.md
@@ -576,6 +576,58 @@ addons:
     # -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
     values: {}
 
+  nexus:
+    # -- Toggle deployment of Nexus.
+    enabled: false
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git
+      path: "./chart"
+      tag: "29.1.0-bb.0"
+
+    # -- Base64 encoded license file.
+    license_key: ""
+
+    sso:
+      # -- Toggle SAML SSO for NXRM.
+      # -- handles SAML SSO, a Client must be configured in Keycloak or IdP
+      # -- to complete setup.
+      # -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
+      enabled: false
+
+      # -- NXRM SAML SSO Integration data
+      idp_data:
+        # -- IdP Field Mappings
+        # -- NXRM username attribute
+        username: ""
+
+        # -- NXRM firstname attribute (optional)
+        firstName: ""
+
+        # -- NXRM lastname attribute (optional)
+        lastName: ""
+
+        # -- NXRM email attribute (optional)
+        email: ""
+
+        # -- NXRM groups attribute (optional)
+        groups: ""
+
+        # -- IDP SAML Metadata XML as a single line string in single quotes
+        # -- this information is public and does not require a secret
+        idpMetadata: ''
+
+      # -- NXRM Role
+      role:
+        id: ""
+        name: ""
+        description: ""
+
+    # -- Flux reconciliation overrides specifically for the Nexus Repository Manager Package
+    flux: {}
+
+    # -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/nexus.git
+    values: {}
+
   sonarqube:
     # -- Toggle deployment of SonarQube.
     enabled: false

docs/airgap/scripts/values.yaml

@@ -118,4 +118,8 @@ addons:
   keycloak:
     enabled: false
     git:
-      repo: ssh://git@host.k3d.internal/home/git/repos/keycloak
\ No newline at end of file
+      repo: ssh://git@host.k3d.internal/home/git/repos/keycloak
+  nexus:
+    enabled: false
+    git:
+      repo: ssh://git@host.k3d.internal/home/git/repos/nexus

scripts/deploy/02_wait_for_helmreleases.sh

@@ -3,7 +3,7 @@
 set -e
 
 ## This is an array to instantiate the order of wait conditions
-ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator mattermost keycloak"
+ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator mattermost keycloak nexus-repository-manager"
 
 ## This is the actual deployed helmrelease objects in the cluster
 DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}')

tests/ci/k3d/values.yaml

@@ -356,6 +356,21 @@ addons:
           servers: 1
         volumesPerServer: 1
 
+  nexus:
+    enabled: false
+    values:
+      persistence:
+        storageSize: 3Gi
+      nexus:
+      # https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
+        env:
+          - name: install4jAddVmParams
+            value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
+        resources:
+          requests:
+            cpu: 100m
+            memory: 1500Mi
+
   velero:
     enabled: false
     values: