UNCLASSIFIED - NO CUI

Nexus docker subdomain enable

Matt Vasquez requested to merge nexus-docker-subdomain-enable into main

This MR enables support for the Nexus Docker Subdomain Connector to be added to the chart. This would result in the additional capability to dynamically create Istio Virtual Services that have defined subdomain hosts that point to the nexus-repository-manager service. This negates the need to have to open up ports and modify the PPSM for each docker registry added. This change would also still allow the current docker registry port pattern.

Essentially, what is supported currently in the chart via Istio Virtual Services is what is displayed below as number 2; what is being proposed as an additional supported feature is the bottom portion of that graphic.

image

This has been tested against a BB 1.56 Cluster with success using the following values.yaml overrides:

nexus:
  docker:
    enabled: true
    registries:
      - host: ${nexus_namespace}-registry.${EXTERNAL_DNS}
        gateway: istio-system/public
        port: 5000
  docker_subdomain:
    enabled: true
    registries:
      - host: ${nexus_namespace}-wrangler.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-devup.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-cdso.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-780th-csd.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-ironbank-proxy.${EXTERNAL_DNS}
        gateway: istio-system/public
      - host: ${nexus_namespace}-roboticknight-docker.${EXTERNAL_DNS}
        gateway: istio-system/public

which resulted in these virtual services being created:

---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-5000
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-registry.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager-docker-5000
          port:
            number: 5000
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-780th-csd
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-780th-csd.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-cdso
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-cdso.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-devup
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-devup.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-ironbank-proxy
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-ironbank-proxy.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-roboticknight-docker
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-roboticknight-docker.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081
---
- apiVersion: networking.istio.io/v1beta1
  kind: VirtualService
  metadata:
    annotations:
      meta.helm.sh/release-name: nexus
      meta.helm.sh/release-namespace: nexus
    labels:
      app.kubernetes.io/managed-by: Helm
      helm.toolkit.fluxcd.io/name: nexus
      helm.toolkit.fluxcd.io/namespace: bigbang
    name: nexus-nexus-repository-manager-docker-nexus-wrangler
    namespace: nexus
  spec:
    gateways:
    - istio-system/public
    hosts:
    - nexus-wrangler.invalid
    http:
    - route:
      - destination:
          host: nexus-nexus-repository-manager
          port:
            number: 8081

Reference Links:
https://help.sonatype.com/repomanager3/nexus-repository-administration/formats/docker-registry/docker-subdomain-connector
https://blog.sonatype.com/scale-up-your-enterprise-with-docker-subdomain-routing

Linked issue: #60 (closed)

Edited by Matt Vasquez
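
A pre-deployment check for the two registry patterns described in this MR, as an added example that is not part of the merge request or the chart: it derives the route each values entry should produce, following the naming seen in the output above, and flags hosts that are unsubstituted, malformed, or claimed twice on the same gateway. The function names, the `VALUES` sample and the problem messages are assumptions made for illustration.

```python
import re

# Constructed sample in the shape of the MR's values.yaml overrides, with the
# ${...} variables already substituted (hosts are placeholders).
VALUES = {
    "docker": {"enabled": True, "registries": [
        {"host": "nexus-registry.invalid", "gateway": "istio-system/public", "port": 5000}]},
    "docker_subdomain": {"enabled": True, "registries": [
        {"host": "nexus-wrangler.invalid", "gateway": "istio-system/public"},
        {"host": "nexus-cdso.invalid", "gateway": "istio-system/public"}]},
}

SERVICE = "nexus-nexus-repository-manager"  # service name seen in the MR output
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")  # lowercase RFC 1123 label


def expected_routes(values):
    """Return {vs_name: (host, gateway, dest_service, dest_port)} per the MR output."""
    routes = {}
    docker = values.get("docker", {})
    if docker.get("enabled"):
        for r in docker.get("registries", []):
            name = f"{SERVICE}-docker-{r['port']}"  # port pattern: one service per port
            routes[name] = (r["host"], r["gateway"], name, r["port"])
    sub = values.get("docker_subdomain", {})
    if sub.get("enabled"):
        for r in sub.get("registries", []):
            name = f"{SERVICE}-docker-{r['host'].split('.')[0]}"
            routes[name] = (r["host"], r["gateway"], SERVICE, 8081)  # shared service
    return routes


def audit(values):
    """List problems: unresolved variables, bad first labels, hosts claimed twice."""
    problems, seen = [], {}
    for key in ("docker", "docker_subdomain"):
        section = values.get(key, {})
        if not section.get("enabled"):
            continue
        for r in section.get("registries", []):
            host, claim = r["host"], (r["host"], r["gateway"])
            if "${" in host:
                problems.append(f"{host}: unsubstituted variable")
            elif not LABEL.match(host.split(".")[0]):
                problems.append(f"{host}: first label is not a valid DNS label")
            if claim in seen:
                problems.append(f"{host}: also claimed by {seen[claim]}")
            seen[claim] = key
    return problems
```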
