From 4bd5c34160eb982b7a76db8d19390bce6ad3be84 Mon Sep 17 00:00:00 2001 
From: cvernooy23
Date: Fri, 14 Aug 2020 21:59:33 -0400
Subject: [PATCH 1/5] nexus-iq helm charts (helm 3)
---
stable/nexus-iq/.helmignore | 23 +++
stable/nexus-iq/Chart.yaml | 35 ++++
stable/nexus-iq/LICENSE | 13 ++
stable/nexus-iq/README.md | 104 +++++++++++
stable/nexus-iq/templates/NOTES.txt | 22 +++
stable/nexus-iq/templates/_helpers.tpl | 64 +++++++
stable/nexus-iq/templates/configmap.yaml | 7 +
stable/nexus-iq/templates/deployment.yaml | 84 +++++++++
.../nexus-iq/templates/image-pull-secret.yaml | 10 ++
stable/nexus-iq/templates/ingress.yaml | 45 +++++
stable/nexus-iq/templates/licenseSecret.yaml | 8 +
.../nexus-iq/templates/persistentVolume.yaml | 13 ++
.../templates/persistentVolumeClaim.yaml | 22 +++
stable/nexus-iq/templates/service.yaml | 19 ++
stable/nexus-iq/templates/serviceaccount.yaml | 12 ++
.../templates/tests/test-connection.yaml | 15 ++
stable/nexus-iq/values.yaml | 162 ++++++++++++++++++
17 files changed, 658 insertions(+)
create mode 100644 stable/nexus-iq/.helmignore
create mode 100644 stable/nexus-iq/Chart.yaml
create mode 100644 stable/nexus-iq/LICENSE
create mode 100644 stable/nexus-iq/README.md
create mode 100644 stable/nexus-iq/templates/NOTES.txt
create mode 100644 stable/nexus-iq/templates/_helpers.tpl
create mode 100644 stable/nexus-iq/templates/configmap.yaml
create mode 100644 stable/nexus-iq/templates/deployment.yaml
create mode 100644 stable/nexus-iq/templates/image-pull-secret.yaml
create mode 100644 stable/nexus-iq/templates/ingress.yaml
create mode 100644 stable/nexus-iq/templates/licenseSecret.yaml
create mode 100644 stable/nexus-iq/templates/persistentVolume.yaml
create mode 100644 stable/nexus-iq/templates/persistentVolumeClaim.yaml
create mode 100644 stable/nexus-iq/templates/service.yaml
create mode 100644 stable/nexus-iq/templates/serviceaccount.yaml
create mode 100644 stable/nexus-iq/templates/tests/test-connection.yaml
create mode 100644 stable/nexus-iq/values.yaml
diff --git a/stable/nexus-iq/.helmignore b/stable/nexus-iq/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/stable/nexus-iq/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/stable/nexus-iq/Chart.yaml b/stable/nexus-iq/Chart.yaml
new file mode 100644
index 0000000..0fd78d0
--- /dev/null
+++ b/stable/nexus-iq/Chart.yaml
@@ -0,0 +1,35 @@
+apiVersion: v2
+name: nexus-iq-server
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 96.0.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: 1.96.0
+
+description: Sonatype Nexus IQ Server continuously monitors your entire software supply chain
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+keywords:
+ - sonatype
+ - nexus
+ - lifecycle
+ - iq
+ - remediate
+ - vulnerabilities
+ - policy
+home: https://www.sonatype.com/product-nexus-lifecycle
+icon: https://www.sonatype.com/hubfs/2019%20Product%20logo/Lifecycle/NexusLifecycle_Vertical.svg
+maintainers:
+ - email: cloud-ops@sonatype.com
+ name: Sonatype
diff --git a/stable/nexus-iq/LICENSE b/stable/nexus-iq/LICENSE
new file mode 100644
index 0000000..601ea1c
--- /dev/null
+++ b/stable/nexus-iq/LICENSE
@@ -0,0 +1,13 @@
+Copyright (c) 2016-present Sonatype, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/stable/nexus-iq/README.md b/stable/nexus-iq/README.md
new file mode 100644
index 0000000..08a95f3
--- /dev/null
+++ b/stable/nexus-iq/README.md
@@ -0,0 +1,104 @@ +# Sonatype IQ server + +[Sonatype Nexus IQ Server](https://www.sonatype.com/nexus-iq-server) is everything you need to know to trust your software supply chain. It powers Nexus Firewall, Nexus Lifecycle, and Nexus Auditor. + +### Prerequisites + +- Kubernetes 1.8+ with Beta APIs enabled +- PV provisioner support in the underlying infrastructure +- Helm 3 + +These charts are designed to work out of the box with minikube using both ingess and ingress-dns addons. + +The current releases have been tested on minikube v1.12.1 running k8s v1.18.3 + +## Adding the repo +To Add as a Helm Repo +```helm repo add sonatype https://sonatype.github.io/helm3-charts/``` + +## Testing the Chart +To test the chart: +```bash +$ helm install --dry-run --debug ./ +``` +To test the chart with your own values: +```bash +$ helm install --dry-run --debug -f my_values.yaml ./ +``` + +## Installing the Chart + +To install the chart: + +```bash +$ helm install nexus-iq sonatype/nexus-iq-server [ --version v90.0.0 ] +``` + +The above command deploys IQ on the Kubernetes cluster in the default configuration. Note the optional version flag. + +You can pass custom configuration values as: + +``` +helm install -f myvalues.yaml ./ --name sonatype- +``` + +The default login is admin/admin123 + +## Upgrading the Chart + +```helm upgrade nexus-iq sonatype/nexus-iq-server [--version v91.0.0]``` + +Note: optional version flag shown + +## Uninstalling the Chart + +To uninstall/delete the deployment: + +```bash +$ helm list +NAME REVISION UPDATED STATUS CHART NAMESPACE +plinking-gopher 1 Fri Sep 1 13:19:50 2017 DEPLOYED iqserver-0.1.0 default +$ helm delete plinking-gopher +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+ +## Chart Configuration Options + +| Parameter | Description | Default | +| -------------------- | ------------------------------------------------------------ | ----------------- | +| `iq.imageName` | The image name to use for the IQ Container, eg `sonatype/nexus-iq-server` | `"registry.connect.redhat.com/sonatype/nexus-iq-server"` | +| `iq.imagePullSecret` | The base-64 encoded secret to pull a container from Red Hat | `""` | +| `iq.applicationPort` | Port of the application connector. Must match the value in the `configYaml` property | `8070` | +| `iq.adminPort` | Port of the application connector. Must match the value in the `configYaml` property | `8071` | +| `iq.memory` | The amount of RAM to allocate | `1Gi` | +| `iq.licenseSecret` | The base-64 encoded license file to be installed at startup | `""` | +| `iq.configYaml` | A YAML block which will be used as a configuration block for IQ Server. | See `values.yaml` | +| `ingress.enabled` | Create an ingress for Nexus | `true` | +| `ingress.annotations` | Annotations to enhance ingress configuration | `{}` | +| `ingress.tls.enabled` | Enable TLS | `true` | +| `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` | +| `ingress.path` | Path for ingress rules. GCP users should set to `/*` | `/` | +| `deployment.preStart.command` | Command to run before starting the IQ Server container | `nil` | +| `deployment.postStart.command` | Command to run after starting the IQ Server container | `nil` | +| `deployment.terminationGracePeriodSeconds` | Update termination grace period (in seconds) | 120s | +| `persistence.storageClass` | The provisioner class | `-` (disables dynamic provisioning | +| `persistence.storageSize` | The amount of drive space to allocate | `1Gi` | +| `persistence.accessMode` | Default access mode | `ReadWriteOnce` | +| `persistence.volumeConfiguration` | A YAML block to configure the persistent volume type. 
Defaults to `hostPath` which should not be used in production | `hostPath` | + + + +## Configuring IQ Server + +You can define the `config.yml` for IQ Server in your `myvalues.yml` file on startup. +It is the `iq.configYaml` property. For more details, see the [Configuring IQ Server](https://help.sonatype.com/iqserver/configuring) help page. + +## Installing the License + +The license file can be installed via the UI when IQ server is running, or it can be done as a part of the deploy. +If you leave the `licenseFile` field empty/commented, IQ Server will start and prompt you to manually install the license +when you first enter the GUI. + +## 413 Errors +The default setting for Nginx allows for very small upload sizes. Add this annotation to the ingress for each product to remove teh limit: nginx.ingress.kubernetes.io/proxy-body-size: "0" diff --git a/stable/nexus-iq/templates/NOTES.txt b/stable/nexus-iq/templates/NOTES.txt new file mode 100644 index 0000000..9a53d71 --- /dev/null +++ b/stable/nexus-iq/templates/NOTES.txt 
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.serviceType }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "iqserver.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.serviceType }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "iqserver.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "iqserver.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.appliocationPort }}
+{{- else if contains "ClusterIP" .Values.service.serviceType }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mychart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80
+{{- end }}
+
diff --git a/stable/nexus-iq/templates/_helpers.tpl b/stable/nexus-iq/templates/_helpers.tpl
new file mode 100644
index 0000000..45a7272
--- /dev/null
+++ b/stable/nexus-iq/templates/_helpers.tpl
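Review bot: The three fallback branches test `.Values.service.serviceType` and the LoadBalancer branch prints `.Values.service.appliocationPort`, but values.yaml defines `service.type` and keeps the ports under `iq.applicationPort`, so with `ingress.enabled=false` these branches never see a real value and the notes either print nothing useful or fail to render. The ClusterIP branch also includes `"mychart.name"`, which _helpers.tpl does not define (it defines `iqserver.name`), and forwards `8080:80` although the container listens on `iq.applicationPort`. Suggested: `{{- else if contains "NodePort" .Values.service.type }}` (likewise for the other two), `echo http://$SERVICE_IP:{{ .Values.iq.applicationPort }}`, and `port-forward $POD_NAME 8080:{{ .Values.iq.applicationPort }}` with `include "iqserver.name"` in the label selector.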
@@ -0,0 +1,64 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "iqserver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "iqserver.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "iqserver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "iqserver.labels" -}}
+app.kubernetes.io/name: {{ include "iqserver.name" . }}
+helm.sh/chart: {{ include "iqserver.chart" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "iqserver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "iqserver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "iqserver.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "iqserver.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/nexus-iq/templates/configmap.yaml b/stable/nexus-iq/templates/configmap.yaml
new file mode 100644
index 0000000..881c946
--- /dev/null
+++ b/stable/nexus-iq/templates/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "iqserver.fullname" . }}
+data:
+ config.yml: |
+{{ toYaml .Values.configYaml | indent 4 }}
diff --git a/stable/nexus-iq/templates/deployment.yaml b/stable/nexus-iq/templates/deployment.yaml
new file mode 100644
index 0000000..97e50dd
--- /dev/null
+++ b/stable/nexus-iq/templates/deployment.yaml
@@ -0,0 +1,84 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "iqserver.fullname" . }}
+ labels:
+ {{- include "iqserver.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.deploymentStrategy }}
+ selector:
+ matchLabels:
+ {{- include "iqserver.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "iqserver.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "iqserver.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: application
+ containerPort: {{ .Values.iq.applicationPort }}
+ protocol: TCP
+ - name: admin
+ containerPort: {{ .Values.iq.adminPort }}
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /ping
+ port: admin
+ readinessProbe:
+ httpGet:
+ path: /
+ port: application
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumeMounts:
+ - mountPath: /sonatype-work
+ name: nxiq-pv-data
+ - mountPath: /etc/nexus-iq-server
+ name: config-volume
+ {{- if .Values.iq.licenseSecret }}
+ - mountPath: /etc/nexus-iq-license
+ name: license-volume
+ {{- end }}
+ volumes:
+ - name: nxiq-pv-data
+ persistentVolumeClaim:
+ claimName: {{ template "iqserver.fullname" . }}-data
+ - name: config-volume
+ configMap:
+ name: {{ template "iqserver.fullname" . }}
+ items:
+ - key: config.yml
+ path: config.yml
+ {{- if .Values.iq.licenseSecret }}
+ - name: license-volume
+ secret:
+ secretName: {{ template "iqserver.fullname" . }}-license
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/stable/nexus-iq/templates/image-pull-secret.yaml b/stable/nexus-iq/templates/image-pull-secret.yaml
new file mode 100644
index 0000000..ec1af28
--- /dev/null
+++ b/stable/nexus-iq/templates/image-pull-secret.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.iq.imagePullSecret -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "iqserver.fullname" . }}-imagepull
+data:
+ .dockerconfigjson: {{ .Values.iq.imagePullSecret }}
+
+type: kubernetes.io/dockerconfigjson
+{{- end }}
\ No newline at end of file
diff --git a/stable/nexus-iq/templates/ingress.yaml b/stable/nexus-iq/templates/ingress.yaml
new file mode 100644
index 0000000..85f4acb
--- /dev/null
+++ b/stable/nexus-iq/templates/ingress.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "iqserver.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "iqserver.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: iq-server.demo
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: 8070
+ - host: admin.iq-server.demo
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: 8071
+{{- end }}
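Review bot: The container image tag is fixed to `.Chart.AppVersion`, so `image.tag` is silently ignored: values-ironbank.yaml in this series sets `tag: 1.97.0-01`, yet the pod would still be rendered with `1.96.0` from Chart.yaml, which may not be the build that was approved for that registry. Suggested: `image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"`. Separately, `iq.memory` is not referenced by any template in this patch and `resources` defaults to `{}`, so the `1Gi` shown in values.yaml has no effect; a comment on either key would prevent a wrong assumption about limits.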
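Review bot: The Secret created in image-pull-secret.yaml is never attached to the pod, because deployment.yaml reads `imagePullSecrets` only from `.Values.imagePullSecrets`; setting `iq.imagePullSecret` therefore stores a registry credential in the cluster without making the pull work. Either reference it from the pod spec when it is set (`- name: {{ template "iqserver.fullname" . }}-imagepull` under `imagePullSecrets`) or drop this template and document `imagePullSecrets` alone. Since the credential arrives through chart values it is also kept with the release data, so a comment such as `# prefer a pre-created secret referenced via imagePullSecrets` would steer users to the safer route.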
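Review bot: The second rule in ingress.yaml publishes the admin connector (`servicePort: 8071`) on `admin.iq-server.demo` whenever `ingress.enabled` is true, which is the default in values.yaml, and with the default `tls: []` that route is plain HTTP. An admin connector normally carries operational endpoints (the liveness probe already uses `/ping` on it) and is usually kept off externally reachable routes, so I would make it opt-in, e.g. wrap that rule in `{{- if .Values.ingress.adminEnabled }}` … `{{- end }}` (a new key, default `false`). Both hosts are also hard-coded, so `ingress.hosts` is ignored and `$svcPort` is never used. service.yaml has the same exposure: it always lists port 8071, so changing `service.type` to NodePort or LoadBalancer would publish the admin port too.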
diff --git a/stable/nexus-iq/templates/licenseSecret.yaml b/stable/nexus-iq/templates/licenseSecret.yaml
new file mode 100644
index 0000000..63ae46f
--- /dev/null
+++ b/stable/nexus-iq/templates/licenseSecret.yaml
@@ -0,0 +1,8 @@
+{{- if .Values.iq.licenseSecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "iqserver.fullname" . }}-license
+data:
+ license_lic: {{ .Values.iq.licenseSecret }}
+{{- end }}
diff --git a/stable/nexus-iq/templates/persistentVolume.yaml b/stable/nexus-iq/templates/persistentVolume.yaml
new file mode 100644
index 0000000..2a9ac2b
--- /dev/null
+++ b/stable/nexus-iq/templates/persistentVolume.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.persistence.volumeConfiguration -}}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ template "iqserver.fullname" . }}-data
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode }}
+ capacity:
+ storage: {{ .Values.persistence.storageSize }}
+ persistentVolumeReclaimPolicy: Recycle
+{{ toYaml .Values.persistence.volumeConfiguration | indent 2 }}
+{{- end }}
diff --git a/stable/nexus-iq/templates/persistentVolumeClaim.yaml b/stable/nexus-iq/templates/persistentVolumeClaim.yaml
new file mode 100644
index 0000000..97d5498
--- /dev/null
+++ b/stable/nexus-iq/templates/persistentVolumeClaim.yaml
@@ -0,0 +1,22 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "iqserver.fullname" . }}-data
+ labels:
+ {{- if .Values.persistence.annotations }}
+annotations:
+ {{ toYaml .Values.persistence.annotations | indent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.persistence.storageClass }}
+ {{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+ {{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+ {{- end }}
+ {{- end }}
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.storageSize | quote }}
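Review bot: `persistentVolumeReclaimPolicy: Recycle` in persistentVolume.yaml means the volume contents are scrubbed as soon as the claim is released, so uninstalling the release would wipe the IQ Server work directory; the policy is also deprecated in Kubernetes. For a volume that holds the application's only copy of its data I would use `persistentVolumeReclaimPolicy: Retain` and let the operator clean up deliberately. The PersistentVolume is cluster-scoped but named only from the release fullname, so two releases with the same name in different namespaces would collide; adding the namespace to the name would avoid that.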
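Review bot: In persistentVolumeClaim.yaml the `annotations:` key is emitted with no indentation, so when `persistence.annotations` is set it lands at the top level of the manifest instead of under `metadata`, and `labels:` is left with no value. The page's whitespace is collapsed, so the exact indent of the other lines is inferred, but the missing indent on `annotations:` is visible as written. The block below uses the same `with`/`nindent` form the other templates in this patch use; `persistence.existingClaim`, shown commented in values.yaml, is not honoured by this template either and deserves a comment or an implementation.
```yaml
metadata:
  name: {{ template "iqserver.fullname" . }}-data
  labels:
    {{- include "iqserver.labels" . | nindent 4 }}
  {{- with .Values.persistence.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
# … unchanged: spec (storageClassName, accessModes, resources) …
```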
diff --git a/stable/nexus-iq/templates/service.yaml b/stable/nexus-iq/templates/service.yaml
new file mode 100644
index 0000000..de9980f
--- /dev/null
+++ b/stable/nexus-iq/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "iqserver.fullname" . }}
+ labels:
+ {{- include "iqserver.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: 8070
+ targetPort: application
+ protocol: TCP
+ name: application
+ - port: 8071
+ targetPort: admin
+ protocol: TCP
+ name: admin
+ selector:
+ {{- include "iqserver.selectorLabels" . | nindent 4 }}
diff --git a/stable/nexus-iq/templates/serviceaccount.yaml b/stable/nexus-iq/templates/serviceaccount.yaml
new file mode 100644
index 0000000..9fee644
--- /dev/null
+++ b/stable/nexus-iq/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "iqserver.serviceAccountName" . }}
+ labels:
+ {{- include "iqserver.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/stable/nexus-iq/templates/tests/test-connection.yaml b/stable/nexus-iq/templates/tests/test-connection.yaml
new file mode 100644
index 0000000..ce226fe
--- /dev/null
+++ b/stable/nexus-iq/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "iqserver.fullname" . }}-test-connection"
+ labels:
+ {{- include "iqserver.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test-success
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "iqserver.fullname" . }}:{{ .Values.iq.applicationPort }}']
+ restartPolicy: Never
diff --git a/stable/nexus-iq/values.yaml b/stable/nexus-iq/values.yaml
new file mode 100644
index 0000000..adcf2bc
--- /dev/null
+++ b/stable/nexus-iq/values.yaml
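Review bot: The ServiceAccount in serviceaccount.yaml is created by default and the pod will have its token mounted, although nothing in this patch grants it a role or appears to call the Kubernetes API. If IQ Server does not need API access, adding `automountServiceAccountToken: false` to the ServiceAccount keeps a usable cluster credential out of the application container. A one-line comment in the template stating why the account exists would also help reviewers of later RBAC changes.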
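Review bot: The test pod in test-connection.yaml pulls `image: busybox` with no tag or registry, so every `helm test` run resolves whatever `latest` is at that moment from the default registry, which defeats the point of deploying from a controlled registry such as the one in values-ironbank.yaml. I would take the image from values and pin it, e.g. `image: "{{ .Values.testImage.repository }}:{{ .Values.testImage.tag }}"` (new keys). The hook name `test-success` is the Helm 2 spelling; Helm 3 names it `test` and, as far as I know, accepts the old name only for compatibility.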
@@ -0,0 +1,162 @@
+# Default values for iqserver.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+image:
+ repository: sonatype/nexus-iq-server
+ pullPolicy: IfNotPresent
+
+iq:
+ name: nxiq
+ hostname: iq-server.demo
+ imageName: sonatype/nexus-iq-server
+ applicationPort: 8070
+ adminPort: 8071
+ memory: 1Gi
+ # base 64 encoded license file with no line breaks
+ licenseSecret: ""
+ # add this line with this file path and the `licenseSecret` above to autoconfigure licensing
+ # licenseFile: /etc/nexus-iq-license/license_lic
+
+
+deploymentStrategy: Recreate
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: true
+ annotations: {kubernetes.io/ingress.class: nginx}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - host: iq-server.demo
+ paths: [/]
+ - host: admin.iq-server.demo
+ paths: [/]
+ tls: []
+ # - secretName: nexus-local-tls
+ # hosts:
+ # - iqserver.local
+ # - admin.iqserver.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+ accessMode: ReadWriteOnce
+ ## If defined, storageClass:
+ ## If set to "-", storageClass: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClass spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ # storageClass: "-"
+ storageSize: 1Gi
+ # existingClaim:
+ # annotations:
+ # "helm.sh/resource-policy": keep
+ ## Configure the volume type.
+ # volumeConfiguration:
+ # hostPath:
+ # path: /data/nxiq/
+
+# configYaml is the full text of the config.yml file that will be passed to IQ Server
+configYaml:
+ baseUrl: http://iq-server.demo
+ sonatypeWork: /sonatype-work
+ server:
+ applicationConnectors:
+ - type: http
+ port: 8070
+ adminConnectors:
+ - type: http
+ port: 8071
+ # HTTP request log settings.
+ requestLog:
+ appenders:
+ #All appenders set to console
+ - type: console
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+ logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\""
+
+ createSampleData: true
+
+ logging:
+
+ # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
+ level: ERROR
+
+ # Logger-specific settings.
+ loggers:
+ "com.sonatype.insight.scan": INFO
+ "eu.medsea.mimeutil.MimeUtil2": INFO
+ "org.apache.http": INFO
+ "org.apache.http.wire": ERROR
+ "org.eclipse.birt.report.engine.layout.pdf.font.FontConfigReader": WARN
+ "org.eclipse.jetty": INFO
+ "org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter": INFO # WARNING: This reveals credentials at DEBUG level
+ "com.sonatype.insight.audit":
+ appenders:
+ #All appenders set to console
+ - type: console
+
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+
+ "com.sonatype.insight.policy.violation":
+ appenders:
+ - type: console
+
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+
+ appenders:
+
+ # Settings for logging to stdout.
+ - type: console
+
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+
+ logFormat: "%d{'yyyy-MM-dd HH:mm:ss,SSSZ'} %level [%thread] %X{username} %logger - %msg%n"
--
GitLab
From 4f243c1bcba613f8885b5ae3efed9771991d519c Mon Sep 17 00:00:00 2001
From: cvernooy
Date: Mon, 17 Aug 2020 20:29:13 +0000
Subject: [PATCH 2/5] Add new file
---
stable/nexus-iq/values-ironbank.yaml | 164 +++++++++++++++++++++++++++
1 file changed, 164 insertions(+)
create mode 100644 stable/nexus-iq/values-ironbank.yaml
diff --git a/stable/nexus-iq/values-ironbank.yaml b/stable/nexus-iq/values-ironbank.yaml
new file mode 100644
index 0000000..07a0815
--- /dev/null
+++ b/stable/nexus-iq/values-ironbank.yaml
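Review bot: The defaults in values.yaml expose the server more than a first install should: `ingress.enabled: true` with `tls: []` and `baseUrl: http://iq-server.demo` serves the UI over plain HTTP, `createSampleData: true` seeds the instance, and the README in this patch states that the default login is admin/admin123. I would default `ingress.enabled` to `false`, or ship a TLS entry, and add a comment next to `baseUrl` such as `# change the default admin password before exposing this URL`. `podSecurityContext` and `securityContext` are both `{}` with the hardened settings commented out; enabling `runAsNonRoot: true` and dropping capabilities by default is worth trying if the image supports it. Several keys here (`iq.imageName`, `iq.hostname`, `iq.memory`, `service.port`, `ingress.hosts`) are not read by the templates in this patch and should be removed or wired up.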
@@ -0,0 +1,164 @@
+# Default values for iqserver.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+image:
+ repository: registry1.dsop.io/sonatype/nexus-iq-server/nexus-iq-server
+ tag: 1.97.0-01
+ pullPolicy: IfNotPresent
+
+
+iq:
+ name: nxiq
+ hostname: iq-server.demo
+ imageName: sonatype/nexus-iq-server
+ applicationPort: 8070
+ adminPort: 8071
+ memory: 1Gi
+ # base 64 encoded license file with no line breaks
+ licenseSecret: ""
+ # add this line with this file path and the `licenseSecret` above to autoconfigure licensing
+ # licenseFile: /etc/nexus-iq-license/license_lic
+
+
+deploymentStrategy: Recreate
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: true
+ annotations: {kubernetes.io/ingress.class: nginx}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ path: /
+ hosts:
+ - host: iq-server.demo
+ paths: [/]
+ - host: admin.iq-server.demo
+ paths: [/]
+ tls: []
+ # - secretName: nexus-local-tls
+ # hosts:
+ # - iqserver.local
+ # - admin.iqserver.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+ accessMode: ReadWriteOnce
+ ## If defined, storageClass:
+ ## If set to "-", storageClass: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClass spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ # storageClass: "-"
+ storageSize: 1Gi
+ # existingClaim:
+ # annotations:
+ # "helm.sh/resource-policy": keep
+ ## Configure the volume type.
+ # volumeConfiguration:
+ # hostPath:
+ # path: /data/nxiq/
+
+# configYaml is the full text of the config.yml file that will be passed to IQ Server
+configYaml:
+ baseUrl: http://iq-server.demo
+ sonatypeWork: /sonatype-work
+ server:
+ applicationConnectors:
+ - type: http
+ port: 8070
+ adminConnectors:
+ - type: http
+ port: 8071
+ # HTTP request log settings.
+ requestLog:
+ appenders:
+ #All appenders set to console
+ - type: console
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+ logFormat: "%clientHost %l %user [%date] \"%requestURL\" %statusCode %bytesSent %elapsedTime \"%header{User-Agent}\""
+
+ createSampleData: true
+
+ logging:
+
+ # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
+ level: ERROR
+
+ # Logger-specific settings.
+ loggers:
+ "com.sonatype.insight.scan": INFO
+ "eu.medsea.mimeutil.MimeUtil2": INFO
+ "org.apache.http": INFO
+ "org.apache.http.wire": ERROR
+ "org.eclipse.birt.report.engine.layout.pdf.font.FontConfigReader": WARN
+ "org.eclipse.jetty": INFO
+ "org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter": INFO # WARNING: This reveals credentials at DEBUG level
+ "com.sonatype.insight.audit":
+ appenders:
+ #All appenders set to console
+ - type: console
+
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+
+ "com.sonatype.insight.policy.violation":
+ appenders:
+ - type: console
+
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+
+ appenders:
+
+ # Settings for logging to stdout.
+ - type: console
+
+ # Do not display log statements below this threshold to stdout.
+ threshold: INFO
+
+ logFormat: "%d{'yyyy-MM-dd HH:mm:ss,SSSZ'} %level [%thread] %X{username} %logger - %msg%n"
--
GitLab
From 3d6b3da02d35a7c0661c028fc02092af2495788b Mon Sep 17 00:00:00 2001
From: cvernooy
Date: Tue, 18 Aug 2020 14:09:53 +0000
Subject: [PATCH 3/5] Add new file
---
stable/nexus-iq/IRONBANK.md.gotmpl | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
create mode 100644 stable/nexus-iq/IRONBANK.md.gotmpl
diff --git a/stable/nexus-iq/IRONBANK.md.gotmpl b/stable/nexus-iq/IRONBANK.md.gotmpl
new file mode 100644
index 0000000..f4ca7bd
--- /dev/null
+++ b/stable/nexus-iq/IRONBANK.md.gotmpl
@@ -0,0 +1,24 @@
+{{ template "chart.header" . }}
+{{ template "chart.description" . }}
+
+Version: {{ template "chart.version" . }}
+
+## Introduction
+
+This repository tracks the upstream [sonatype/nexus-iq-server](https://github.com/sonatype/helm3-charts/tree/master/nexus-iq) Helm chart.
+
+A `values-ironbank.yaml` file is included with required parameters for deployment.
+
+- Uses Ironbank images
+
+Reference the original [README](./README-original.md) for additional instructions.
+
+## Installation
+
+```shell
+helm install ./ --name harbor --set tls.enabled=true,tls.certSecret=tls-ssl-minio -f values-ironbank.yaml
+```
+
+## Configuration
+
+{{ template "chart.valuesTable" . }}
--
GitLab
From 19f6c0c4c32375221ddb47261df3b7fc74e0e8db Mon Sep 17 00:00:00 2001
From: cvernooy
Date: Tue, 18 Aug 2020 14:10:52 +0000
Subject: [PATCH 4/5] Update README.md
---
stable/nexus-iq/{README.md => README-original.md} | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename stable/nexus-iq/{README.md => README-original.md} (100%)
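Review bot: Apart from `image.repository` and `image.tag`, values-ironbank.yaml repeats values.yaml line for line, including the empty `securityContext`, the plain-HTTP `baseUrl` and `createSampleData: true`, so the hardened-registry profile inherits every permissive default and will drift as values.yaml changes. Files passed with `-f` are merged over the chart defaults, so this file only needs the `image:` block plus whatever the target environment requires. `imagePullSecrets: []` is also left empty; if the registry named here requires authentication, which seems likely, the install will fail to pull, so a commented example such as `# imagePullSecrets: [{name: <registry-secret-name>}]` would help.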
diff --git a/stable/nexus-iq/README.md b/stable/nexus-iq/README-original.md similarity index 100% rename from stable/nexus-iq/README.md rename to stable/nexus-iq/README-original.md -- GitLab From ec0b32f62885f69224537ad803926ecce0cae3bd Mon Sep 17 00:00:00 2001 From: cvernooy Date: Tue, 18 Aug 2020 14:12:51 +0000 Subject: [PATCH 5/5] Update IRONBANK.md.gotmpl --- stable/nexus-iq/IRONBANK.md.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/nexus-iq/IRONBANK.md.gotmpl b/stable/nexus-iq/IRONBANK.md.gotmpl index f4ca7bd..cc55a75 100644 --- a/stable/nexus-iq/IRONBANK.md.gotmpl +++ b/stable/nexus-iq/IRONBANK.md.gotmpl @@ -16,7 +16,7 @@ Reference the original [README](./README-original.md) for additional instruction ## Installation ```shell -helm install ./ --name harbor --set tls.enabled=true,tls.certSecret=tls-ssl-minio -f values-ironbank.yaml +helm install -f values-ironbank.yaml ./ --name sonatype- ``` ## Configuration -- GitLab