diff --git a/Packages.md b/Packages.md index 70ee4a395f959715b22951cbbcc7a998dfef5ed0..c195850a25b2a6554c303d3da7d7816affb9f14e 100644 --- a/Packages.md +++ b/Packages.md @@ -31,10 +31,12 @@ | ---- | --- | | [Gitlab](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab) |  | | [Gitlab Runner](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner) |  | +| [Nexus](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus) |  | | [Sonarqube](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube) |  | + ## Collaboration Tools | Package | Status | diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 5884e3df5430c26668c677fa05ffb3e7f1d6cf55..d983f30db9aeb0bba38d75be33c71c3c02a1e9c6 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -25,4 +25,4 @@ maintainers: - name: Josh Wolf email: josh@rancherfederal.com -icon: https://p1.dso.mil/img/Big_Bang_Color_Logo_White_text.b04263b1.png +icon: https://p1.dso.mil/img/Big_Bang_Color_Logo_White_text.b04263b1.png \ No newline at end of file diff --git a/chart/templates/nexus-repository-manager/gitrepository.yaml b/chart/templates/nexus-repository-manager/gitrepository.yaml new file mode 100644 index 0000000000000000000000000000000000000000..58ad414a2f65464741137a1eb5e13e6bb1e535d7 --- /dev/null +++ b/chart/templates/nexus-repository-manager/gitrepository.yaml 
@@ -0,0 +1,18 @@
+{{- if .Values.addons.nexus.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: nexus-repository-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: nexus-repository-manager
+ app.kubernetes.io/component: "developer-tools"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.addons.nexus.git.repo }}
+ ref:
+ {{- include "validRef" .Values.addons.nexus.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/nexus-repository-manager/imagepullsecret.yaml b/chart/templates/nexus-repository-manager/imagepullsecret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..56b3093d9310d769b2b6d754db3d82ef54e1aef9
--- /dev/null
+++ b/chart/templates/nexus-repository-manager/imagepullsecret.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.addons.nexus.enabled }}
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: nexus-repository-manager
+ labels:
+ app.kubernetes.io/name: "nexus-repository-manager"
+ app.kubernetes.io/component: "developer-tools"
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/nexus-repository-manager/namespace.yaml b/chart/templates/nexus-repository-manager/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..db8a74f84f90093463ba9a622d10bbf1c98b31ba
--- /dev/null
+++ b/chart/templates/nexus-repository-manager/namespace.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.addons.nexus.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: nexus-repository-manager
+ labels:
+ {{- if .Values.istio.enabled }}
+ istio-injection: enabled
+ {{- end }}
+ app.kubernetes.io/name: "nexus-repository-manager"
+ app.kubernetes.io/component: "developer-tools"
+ {{- include "commonLabels" . | nindent 4}}
+{{- end }}
diff --git a/chart/templates/nexus-repository-manager/nexus-repository-manager-helmrelease.yaml b/chart/templates/nexus-repository-manager/nexus-repository-manager-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8d873e1e7d3ce764a52ddcd5d0778cd28391417c
--- /dev/null
+++ b/chart/templates/nexus-repository-manager/nexus-repository-manager-helmrelease.yaml
@@ -0,0 +1,49 @@
+{{- $fluxSettingsNexus := merge .Values.addons.nexus.flux .Values.flux -}}
+{{- if .Values.addons.nexus.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: nexus-repository-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: "nexus-repository-manager"
+ app.kubernetes.io/component: "developer-tools"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ targetNamespace: nexus-repository-manager
+ releaseName: nexus-repository-manager
+ interval: 10m
+ chart:
+ spec:
+ chart: {{ .Values.addons.nexus.git.path }}
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: nexus-repository-manager
+ namespace: {{ .Release.Namespace }}
+
+ {{- toYaml $fluxSettingsNexus | nindent 2 }}
+
+ valuesFrom:
+ - name: {{ .Release.Name }}-nexus-repository-manager-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-nexus-repository-manager-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-nexus-repository-manager-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{ if or .Values.istio.enabled .Values.monitoring.enabled }}
+ dependsOn:
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.monitoring.enabled }}
+ - name: monitoring
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/nexus-repository-manager/values.yaml b/chart/templates/nexus-repository-manager/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..29f259ad002ec06ffd0af3fd181c1372b0f0675f
--- /dev/null
+++ b/chart/templates/nexus-repository-manager/values.yaml
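Review bot: The rendered `spec` of this HelmRelease will probably carry `interval` twice: once from the hard-coded `interval: 10m` and once from `{{- toYaml $fluxSettingsNexus | nindent 2 }}`, because `$fluxSettingsNexus` merges in `.Values.flux`, and gitrepository.yaml in this same commit reads `.Values.flux.interval`. Most YAML parsers resolve a duplicate mapping key silently as last-wins, so the literal value would be dead and would mislead anyone reading the template. Drop the `interval: 10m` line and let the merged flux settings own the key. The `merge` on the first line also sits outside the `if .Values.addons.nexus.enabled` guard, so it runs and writes into `.Values.addons.nexus.flux` even when the addon is disabled; moving it inside the guard would avoid that.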
@@ -0,0 +1,46 @@
+{{- if .Values.addons.nexus.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.addons.nexus "name" "nexus-repository-manager" "defaults" (include "bigbang.defaults.nexus-repository-manager" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.nexus-repository-manager" -}}
+domain: {{ .Values.hostname }}
+hostname: nexus
+istio:
+ enabled: {{ .Values.istio.enabled }}
+
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+
+nexus:
+ imagePullSecrets:
+ - name: private-registry
+
+license_key: "{{ .Values.addons.nexus.license_key }}"
+
+{{- if .Values.addons.nexus.sso.enabled }}
+sso:
+ enabled: {{ .Values.addons.nexus.sso.enabled }}
+ idp_data:
+ entityId: "https://nexus.{{ .Values.hostname }}/service/rest/v1/security/saml/metadata"
+ usernameAttribute: "{{ .Values.addons.nexus.sso.idp_data.username }}"
+ firstNameAttribute: "{{ .Values.addons.nexus.sso.idp_data.firstName }}"
+ lastNameAttribute: "{{ .Values.addons.nexus.sso.idp_data.lastName }}"
+ emailAttribute: "{{ .Values.addons.nexus.sso.idp_data.email }}"
+ groupsAttribute: "{{ .Values.addons.nexus.sso.idp_data.groups }}"
+ validateResponseSignature: "true"
+ validateAssertionSignature: "true"
+ idpMetadata: '{{ .Values.addons.nexus.sso.idp_data.idpMetadata }}'
+ realm:
+ - "NexusAuthenticatingRealm"
+ - "NexusAuthorizingRealm"
+ - "SamlRealm"
+ role:
+ id: "keycloak"
+ name: "keycloak"
+ description: "all keycloak users as admins"
+ privileges:
+ - "nx-all"
+ roles:
+ - "nx-admin"
+{{- end }}
+{{- end -}}
diff --git a/chart/values.yaml b/chart/values.yaml
index e325cdf73de25e9dc260d69d6d510dbc422c3f68..2258e0c95e3c047df7a8bffd6867da4265480bee 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
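Review bot: The `role:` block under `sso:` hard-codes the `"nx-all"` privilege and the `"nx-admin"` role for a role described as "all keycloak users as admins", so enabling SSO appears to give every IdP-authenticated user full administrative control of the artifact repository. The `sso.role.id`, `name` and `description` keys that this commit adds to chart/values.yaml are never read by this template. Read them from values, for example `id: "{{ .Values.addons.nexus.sso.role.id }}"`, and make the privilege and role lists configurable with a non-admin default so that granting admin is an explicit operator choice. How the downstream chart binds this role to SAML users is not visible in this diff, so the effective grant should be confirmed there.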
@@ -302,7 +302,7 @@ fluentbit: # -- Flux reconciliation overrides specifically for the Fluent-Bit Package flux: {} - # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git + # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git values: {} # -- Post Renderers. See docs/postrenders.md 
@@ -576,6 +576,58 @@ addons: # -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git values: {} + nexus: + # -- Toggle deployment of Nexus. + enabled: false + git: + repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git + path: "./chart" + tag: "29.1.0-bb.0" + + # -- Base64 encoded license file. + license_key: "" + + sso: + # -- Toggle SAML SSO for NXRM. + # -- handles SAML SSO, a Client must be configured in Keycloak or IdP + # -- to complete setup. + # -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599 + enabled: false + + # -- NXRM SAML SSO Integration data + idp_data: + # -- IdP Field Mappings + # -- NXRM username attribute + username: "" + + # -- NXRM firstname attribute (optional) + firstName: "" + + # -- NXRM lastname attribute (optional) + lastName: "" + + # -- NXRM email attribute (optional) + email: "" + + # -- NXRM groups attribute (optional) + groups: "" + + # -- IDP SAML Metadata XML as a single line string in single quotes + # -- this information is public and does not require a secret + idpMetadata: '' + + # -- NXRM Role + role: + id: "" + name: "" + description: "" + + # -- Flux reconciliation overrides specifically for the Nexus Repository Manager Package + flux: {} + + # -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/nexus.git + values: {} + sonarqube: # -- Toggle deployment of SonarQube. enabled: false diff --git a/docs/airgap/scripts/values.yaml b/docs/airgap/scripts/values.yaml index d10439752b27f25494e40a4bb537845c8651b527..81267a9065983e6e803df870d7262f2728e72380 100644 --- a/docs/airgap/scripts/values.yaml +++ b/docs/airgap/scripts/values.yaml 
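Review bot: The passthrough comment that closes the new `nexus:` block points at `apps/sandbox/nexus.git`, while `git.repo` at the top of the same block deploys from `apps/developer-tools/nexus.git`, so a reader looking up the available chart values is sent to a different repository from the one Flux pulls. Align the comment with the deployed source: `# -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git`. The `license_key` comment would also benefit from saying that base64 is only an encoding, for example `# -- Base64 encoded license file; supply it through an encrypted values overlay rather than committing it here.`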
@@ -118,4 +118,8 @@ addons: keycloak: enabled: false git: - repo: ssh://git@host.k3d.internal/home/git/repos/keycloak \ No newline at end of file + repo: ssh://git@host.k3d.internal/home/git/repos/keycloak + nexus: + enabled: false + git: + repo: ssh://git@host.k3d.internal/home/git/repos/nexus diff --git a/scripts/deploy/02_wait_for_helmreleases.sh b/scripts/deploy/02_wait_for_helmreleases.sh index 6ff1330fd3851253ec6aa88bd6d2fea81e7163f1..feeb7333ac38b3ff176d3fbda98206c5ce64ff4e 100755 --- a/scripts/deploy/02_wait_for_helmreleases.sh +++ b/scripts/deploy/02_wait_for_helmreleases.sh @@ -3,7 +3,7 @@ set -e ## This is an array to instantiate the order of wait conditions -ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator mattermost keycloak" +ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso gitlab-runner minio-operator minio anchore sonarqube mattermost-operator mattermost keycloak nexus-repository-manager" ## This is the actual deployed helmrelease objects in the cluster DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}') diff --git a/tests/ci/k3d/values.yaml b/tests/ci/k3d/values.yaml index d44fd89c7c9c6841b471ee4705d3833295850b53..b7fb9aac85e7c8434b5d2a59355dc39bdd673630 100644 --- a/tests/ci/k3d/values.yaml +++ b/tests/ci/k3d/values.yaml 
@@ -356,6 +356,21 @@ addons: servers: 1 volumesPerServer: 1 + nexus: + enabled: false + values: + persistence: + storageSize: 3Gi + nexus: + # https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory + env: + - name: install4jAddVmParams + value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" + resources: + requests: + cpu: 100m + memory: 1500Mi + velero: enabled: false values:
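Review bot: `-XX:+UseCGroupMemoryLimitForHeap` in the `install4jAddVmParams` value is an experimental flag that exists only on JDK 8u131 through JDK 10; from JDK 11 on it is an unrecognized option and the JVM refuses to start. With `-Xms500M -Xmx500M` set explicitly it has no effect on heap sizing anyway. Consider dropping it together with `-XX:+UnlockExperimentalVMOptions`, leaving `value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M"`. Which JDK the Nexus image ships is not visible in this diff, so this is a robustness concern for future image bumps rather than a confirmed failure.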