Nexus docker subdomain enable
This MR enables support for the Nexus Docker Subdomain Connector to be added to the chart. This would result in the additional capability to dynamically create Istio Virtual Services that have defined subdomain hosts that point to the nexus-repository-manager service. This negates the need to open up ports and modify the PPSM for each Docker registry added. This change would also still allow the current Docker registry port pattern.
Essentially, what is currently supported in the chart via Istio Virtual Services is what is displayed below as number 2; what is being proposed as an additional supported feature is the bottom portion of that graphic.
This has been tested against a BB 1.56 Cluster with success using the following values.yaml overrides:
```yaml
nexus:
  docker:
    enabled: true
    registries:
      - host: ${nexus_namespace}-registry.${EXTERNAL_DNS}
        gateway: istio-system/public
        port: 5000
  docker_subdomain:
    enabled: true
    registries:
      - host: ${nexus_namespace}-wrangler.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-devup.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-cdso.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-780th-csd.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-ironbank-proxy.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-roboticknight-docker.${EXTERNAL_DNS}
        gateway: istio-system/public
```
which resulted in these virtual services being created:
```yaml
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-5000
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-registry.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager-docker-5000
          port:
            number: 5000
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-780th-csd
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-780th-csd.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-cdso
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-cdso.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-devup
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-devup.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-ironbank-proxy
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-ironbank-proxy.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-roboticknight-docker
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-roboticknight-docker.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-wrangler
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-wrangler.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
```
Reference Links:
https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-subdomain-connector
https://blog.sonatype.com/scale-up-your-enterprise-with-docker-subdomain-routing
Linked issue: #60 (closed)
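
Added example, not part of the merge request or the chart: a post-deploy check over the VirtualServices in the nexus namespace that flags unapproved gateways, wildcard or duplicated hosts, and routes that reach neither the shared service on 8081 nor a per-port registry service. The names `audit`, `make_vs`, `ALLOWED_GATEWAYS` and the sample entries are hypothetical; the input is assumed to be the `items` list from the VirtualService JSON.

```python
"""Audit Istio VirtualServices created for Nexus Docker registries (added example)."""

SVC = "nexus-nexus-repository-manager"      # shared service seen in the output above
ALLOWED_GATEWAYS = {"istio-system/public"}  # assumption: the only approved gateway
SUBDOMAIN_BACKEND = (SVC, 8081)             # subdomain hosts all route here


def audit(virtual_services):
    """Return (name, problem) findings for a list of VirtualService dicts."""
    findings, seen_hosts = [], {}
    for vs in virtual_services:
        name, spec = vs["metadata"]["name"], vs["spec"]
        for gw in spec.get("gateways", []):
            if gw not in ALLOWED_GATEWAYS:
                findings.append((name, f"unexpected gateway {gw}"))
        for host in spec.get("hosts", []):
            if "*" in host:
                findings.append((name, f"wildcard host {host}"))
            if host in seen_hosts:  # one host on two VirtualServices is ambiguous
                findings.append((name, f"host {host} also claimed by {seen_hosts[host]}"))
            seen_hosts.setdefault(host, name)
        for http in spec.get("http", []):
            for route in http.get("route", []):
                dest = route["destination"]
                backend = (dest["host"], dest["port"]["number"])
                # Port-pattern registries use a per-port service named like the
                # VirtualService; every other route must hit the shared service.
                per_port = dest["host"] == name == f"{SVC}-docker-{backend[1]}"
                if not per_port and backend != SUBDOMAIN_BACKEND:
                    findings.append((name, f"unexpected backend {backend[0]}:{backend[1]}"))
    return findings


def make_vs(name, host, dest_host, port, gateway="istio-system/public"):
    """Build a constructed VirtualService with only the fields audit() reads."""
    dest = {"host": dest_host, "port": {"number": port}}
    return {"metadata": {"name": name, "namespace": "nexus"},
            "spec": {"gateways": [gateway], "hosts": [host],
                     "http": [{"route": [{"destination": dest}]}]}}


# Constructed samples mirroring the output above, plus one deliberately bad entry.
GOOD = [make_vs(f"{SVC}-docker-5000", "nexus-registry.invalid", f"{SVC}-docker-5000", 5000),
        make_vs(f"{SVC}-docker-nexus-cdso", "nexus-cdso.invalid", SVC, 8081),
        make_vs(f"{SVC}-docker-nexus-devup", "nexus-devup.invalid", SVC, 8081)]
BAD = GOOD + [make_vs("stray", "nexus-cdso.invalid", "other-svc", 8080, "istio-system/other")]

if __name__ == "__main__":
    for name, problem in audit(BAD):
        print(f"{name}: {problem}")
```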