UNCLASSIFIED - NO CUI

Adds Secret-based workflow to existing functionality for creating Nexus blobstores

General MR

Implements new feature requested in #141 (closed)

Summary

Updated .Values.nexus.blobstores.blobstore[] functionality to store each separate .blobstore_data item as a separate Kubernetes Secret, more effectively protecting any cloud credentials the user might need to pass to Nexus in order to create blobstores on S3 or Azure.

Relevant logs/screenshots

Nexus screenshot showing a helm-created bucket

Below is a blob store that was created by this Helm chart automatically after we manually created a Kubernetes Secret at nexus-repository-manager/my-aws-creds.

Update operation for an existing blobstore using my AWS creds as pulled in from a k8s secret

Values used:

nexus:
  blobstores:
    enabled: true
    blobstore:
      - name: "test-nexus-blobstore"
        type: "s3"
        blobstore_data:
          name: "test-nexus-blobstore"
          bucketConfiguration:
            bucket:
              region: "us-gov-west-1"
              name: "dp-ad-new-bucket"
              expiration: 3
            bucketSecurity:
              accessKeyId: "redacted"
              secretAccessKey: "redacted"

Automatically-created file-type blobstore

Relevant values used to create this one:

nexus:
  blobstores:
    enabled: true
    blobstore:
      # name of the file-backed Nexus blobstore you're creating, used to find the API endpoint for creating this
      - name: "test-file-blobstore"
        type: "file"
        blobstore_data:
          # same name as above, used as part of the JSON payload to request the create/update of this blobstore
          name: "test-file-blobstore"
          # 1. /nexus-data/blobs/ is where the Nexus UI's blobstore create page defaults
          #    to placing new `file` blobstores
          # 2. /nexus-data is this chart's default data PVC
          path: "/nexus-data/blobs/test-file-blobstore"

Linked Issue

issue

Upgrade Notices

(Include any relevant notes about upgrades here or write "N/A" if there are none)

Edited by Daniel Pritchett
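
A sketch of the one-Secret-per-blobstore layout described in the Summary, added here as an illustration and not taken from this chart's templates. The Secret name prefix `nexus-blobstore-`, the `blobstore-type` label and the `blobstore.json` key are assumptions; the sample values are constructed from the ones shown above.

```python
import base64
import json

# Constructed sample mirroring the values shown in this MR (credentials are placeholders).
VALUES = {"nexus": {"blobstores": {"enabled": True, "blobstore": [
    {"name": "test-nexus-blobstore", "type": "s3", "blobstore_data": {
        "name": "test-nexus-blobstore",
        "bucketConfiguration": {
            "bucket": {"region": "us-gov-west-1", "name": "dp-ad-new-bucket", "expiration": 3},
            "bucketSecurity": {"accessKeyId": "redacted", "secretAccessKey": "redacted"}}}},
    {"name": "test-file-blobstore", "type": "file", "blobstore_data": {
        "name": "test-file-blobstore", "path": "/nexus-data/blobs/test-file-blobstore"}},
]}}}


def blobstore_secrets(values, namespace="nexus-repository-manager"):
    """Return one Opaque Secret manifest per blobstore[] item.

    Assumed layout (not taken from the chart): Secret name
    "nexus-blobstore-<name>", the blobstore type in a label, and the whole
    blobstore_data JSON payload under the single key "blobstore.json".
    """
    cfg = values.get("nexus", {}).get("blobstores", {})
    if not cfg.get("enabled"):
        return []
    manifests = []
    for item in cfg.get("blobstore", []):
        payload = json.dumps(item["blobstore_data"], sort_keys=True)
        manifests.append({
            "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": {
                "name": f"nexus-blobstore-{item['name']}",
                "namespace": namespace,
                "labels": {"blobstore-type": item["type"]},
            },
            # Secret .data values must be base64-encoded strings.
            "data": {"blobstore.json": base64.b64encode(payload.encode()).decode()},
        })
    return manifests


def decode_payload(secret):
    """Recover the JSON payload the way a job mounting the Secret would read it."""
    return json.loads(base64.b64decode(secret["data"]["blobstore.json"]))


if __name__ == "__main__":
    for s in blobstore_secrets(VALUES):
        print(s["metadata"]["name"], sorted(decode_payload(s)))
```

Because each blobstore lands in its own Secret, RBAC rules can grant access by `resourceNames` to a single blobstore's credentials instead of to every payload at once.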
