Adds Secret-based workflow to existing functionality for creating Nexus blobstores
General MR
Implements new feature requested in #141 (closed)
Summary
Updated .Values.nexus.blobstores.blobstore[] functionality to store each separate .blobstore_data item as a separate Kubernetes Secret, more effectively protecting any cloud credentials the user might need to pass to Nexus in order to create blobstores on S3 or Azure.
Relevant logs/screenshots
Nexus screenshot showing a helm-created bucket
Below is a blob store that was created by this helm chart automatically after we manually created a kubernetes Secret at nexus-repository-manager/my-aws-creds.
Update operation for an existing blobstore using my AWS creds as pulled in from a k8s secret
Values used:
blobstores:
enabled: true
blobstore:
- name: "test-nexus-blobstore"
type: "s3"
blobstore_data:
name: "test-nexus-blobstore"
bucketConfiguration:
bucket:
region: "us-gov-west-1"
name: "dp-ad-new-bucket"
expiration: 3
bucketSecurity:
accessKeyId: "redacted"
secretAccessKey: "redacted"
Automatically-created file-type blobstore
Relevant values used to create this one:
nexus:
blobstores:
enabled: true
blobstore:
# name of the file-backed nexus blobstore you're creating, used to find the API endpoint for creating this
- name: "test-file-blobstore"
type: "file"
blobstore_data:
# same name as above, used as part of the JSON payload to request the create/update of this blobstore
name: "test-file-blobstore"
# 1. /nexus-data/bobs/ is where the Nexus UI's blobstore create page defaults
# 2. /nexus-data this chart's default data PVC
# to placing new `file` blobstores
path: "/nexus-data/blobs/test-file-blobstore"Linked Issue
Upgrade Notices
(Include any relevant notes about upgrades here or write "N/A" if there are none)
Edited by Daniel Pritchett