fix chart, added admin credentials in config, added jvm params, clean…

…up tailor templates
opendevstack · Mar 27, 2024 · 3a4d3ca · 3a4d3ca
1 parent 4334407
commit 3a4d3ca
Show file tree

Hide file tree

Showing 17 changed files with 72 additions and 338 deletions.
diff --git a/Makefile b/Makefile
@@ -4,9 +4,10 @@ SHELL = /bin/bash
 MAKEFLAGS += --warn-undefined-variables
 MAKEFLAGS += --no-builtin-rules
 
-ODS_NAMESPACE := $(shell $(CURDIR)/scripts/get-config-param.sh ODS_NAMESPACE)
-NEXUS_URL := $(shell $(CURDIR)/scripts/get-config-param.sh NEXUS_URL)
-SONARQUBE_URL := $(shell $(CURDIR)/scripts/get-config-param.sh SONARQUBE_URL)
+# Load environment variables from .env file
+include ../ods-configuration/ods-core.env
+export $(shell sed 's/=.*//' ../ods-configuration/ods-core.env)
+
 INSECURE := false
 INSECURE_FLAG :=
 ifeq ($(INSECURE), $(filter $(INSECURE), true yes))
@@ -147,27 +148,23 @@ configure-sonarqube:
 
 # NEXUS
 ## Install or update Nexus.
-install-nexus: apply-nexus-build start-nexus-build apply-nexus-deploy
+install-nexus: apply-nexus-chart start-nexus-build
 .PHONY: nexus
 
-## Update OpenShift resources related to the Nexus image.
-apply-nexus-build:
-	cd nexus/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) bc,is
-.PHONY: apply-nexus-build
+## Apply OpenShift resources related to the Nexus.
+apply-nexus-chart:
+#	cd nexus/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) nexus . && rm values.yaml
+	cd nexus/chart && envsubst < values.yaml.template > values.yaml && helm upgrade --install --namespace $(ODS_NAMESPACE) nexus .
+.PHONY: apply-nexus-chart
 
 ## Start build of BuildConfig "nexus".
 start-nexus-build:
 	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config nexus
 .PHONY: start-nexus-build
 
-## Update OpenShift resources related to the Nexus service.
-apply-nexus-deploy:
-	cd nexus/ocp-config && tailor apply --namespace $(ODS_NAMESPACE) --exclude bc,is
-.PHONY: apply-nexus-deploy
-
 ## Configure Nexus service.
 configure-nexus:
-	cd nexus && ./configure.sh --namespace $(ODS_NAMESPACE) --nexus=$(NEXUS_URL) $(INSECURE_FLAG)
+	cd nexus && ./configure.sh --namespace $(ODS_NAMESPACE) --nexus=$(NEXUS_URL) --admin-password=$(NEXUS_ADMIN_PASSWORD) $(INSECURE_FLAG)
 .PHONY: configure-nexus
 ### configure-nexus is not part of install-nexus because it is not idempotent yet.
 

diff --git a/configuration-sample/ods-core.env.sample b/configuration-sample/ods-core.env.sample
@@ -60,11 +60,16 @@ NEXUS_URL=https://nexus-cd.192.168.56.101.nip.io
 NEXUS_USERNAME=developer
 NEXUS_PASSWORD=changeme
 NEXUS_PASSWORD_B64=changeme
+# Password of Nexus administrator - should be set to a secure password
+# of your choice.
+NEXUS_ADMIN_PASSWORD=changeme
+NEXUS_ADMIN_PASSWORD_B64=changeme
 # Nexus (basic) authentication username:password
 NEXUS_AUTH=developer:changeme
 
-# All params defined in the template https://github.com/opendevstack/ods-core/blob/master/nexus/ocp-config/bc.yml
-# can be overwritten by specifying the param in this file.
+# Nexus JVM parameters, adjust acording to organization size
+# See https://help.sonatype.com/en/sonatype-nexus-repository-system-requirements.html
+NEXUS_JVM_PARAMS="-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
 
 #############
 # SonarQube #

diff --git a/nexus/chart/templates/NOTES.txt b/nexus/chart/templates/NOTES.txt
@@ -1 +1 @@
-OpenDevStack Nexus OSS edition on version {{ .Values.nexus.nexusTag }} released with Helm!
+OpenDevStack Nexus OSS edition on version {{ .Values.global.nexusImageTag }} released with Helm!
diff --git a/nexus/chart/templates/buildconfig.yaml b/nexus/chart/templates/buildconfig.yaml
@@ -33,7 +33,7 @@ spec:
     dockerStrategy:
       from:
         kind: DockerImage
-        name: sonatype/nexus3:{{ .Values.nexus.nexusImageTag }}
+        name: sonatype/nexus3:{{ .Values.global.nexusImageTag }}
       forcePull: true
       noCache: true
   successfulBuildsHistoryLimit: 5
diff --git a/nexus/chart/templates/deploymentconfig.yml b/nexus/chart/templates/deploymentconfig.yml
@@ -70,8 +70,8 @@ spec:
             timeoutSeconds: 2
             failureThreshold: 3
           env:
-            - name: SONAR_AUTH_SAML_ENABLED
-              value: '{{ .Values.sonarqube.sonarAuthSaml }}'
+            - name: INSTALL4J_ADD_VM_PARAMS
+              value: '{{ .Values.global.nexusJvmParams }}'
           ports:
             - containerPort: 8081
               protocol: TCP

diff --git a/nexus/chart/templates/route-docker.yaml b/nexus/chart/templates/route-docker.yaml
@@ -3,7 +3,7 @@ kind: Route
 metadata:
   labels:
     app: {{ .Values.global.appName }}
-  name: {{ .Values.global.appName }}
+  name: {{ .Values.global.appName }}-docker
 spec:
   host: {{ .Values.global.nexusDockerGroup }}-{{ .Values.global.odsNamespace }}{{ .Values.global.openshiftAppDomain}}
   port:

diff --git a/nexus/chart/templates/secret.yaml b/nexus/chart/templates/secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+data:
+  admin-password: {{ .Values.global.nexusAdminPasswordB64 }}
+metadata:
+  labels:
+    app: {{ .Values.global.appName }}
+  name: {{ .Values.global.appName }}-app
+type: Opaque
diff --git a/nexus/chart/values.yaml b/nexus/chart/values.yaml
@@ -1,18 +1,19 @@
 global:
-  odsImageTag: $ODS_IMAGE_TAG
-  repoBase: $REPO_BASE
-  odsBitBucketProject: $ODS_BITBUCKET_PROJECT
-  odsGitRef: $ODS_GIT_REF
-  odsNamespace: $ODS_NAMESPACE
-  nexusImageTag: $NEXUS_IMAGE_TAG
+  odsImageTag: latest
+  repoBase: https://bitbucket-dev.biscrum.com/scm
+  odsBitBucketProject: odstest
+  odsGitRef: feature/nexus-maintenance
+  odsNamespace: odstest
+  nexusImageTag: 3.66.0
   appName: 'nexus'
-  storageProvisioner: $STORAGE_PROVISIONER
-  storageClassData: $STORAGE_CLASS_DATA
-  nexusHost: $NEXUS_HOST
-  nexusAdminPasswordB64: $SONAR_ADMIN_PASSWORD_B64
-  registry: $DOCKER_REGISTRY
-  openshiftAppDomain: $OPENSHIFT_APPS_BASEDOMAIN
+  storageProvisioner: "netapp.io/trident"
+  storageClassData: "standard-nas"
+  nexusHost: nexus-odstest.apps.us-test.ocp.aws.boehringer.com
+  nexusAdminPasswordB64: YWRtaW4=
+  registry: image-registry.openshift-image-registry.svc:5000
+  openshiftAppDomain: .apps.us-test.ocp.aws.boehringer.com
   nexusDockerGroup: 'docker-group'
+  nexusJvmParams: "-Xms2703m -Xmx2703m -XX:MaxDirectMemorySize=2703m -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
 nexus:
   cpuRequest: 200m
   cpuLimit: 1

diff --git a/nexus/chart/values.yaml.template b/nexus/chart/values.yaml.template
@@ -0,0 +1,26 @@
+global:
+  odsImageTag: $ODS_IMAGE_TAG
+  repoBase: $REPO_BASE
+  odsBitBucketProject: $ODS_BITBUCKET_PROJECT
+  odsGitRef: $ODS_GIT_REF
+  odsNamespace: $ODS_NAMESPACE
+  nexusImageTag: $NEXUS_IMAGE_TAG
+  appName: 'nexus'
+  storageProvisioner: $STORAGE_PROVISIONER
+  storageClassData: $STORAGE_CLASS_DATA
+  nexusHost: $NEXUS_HOST
+  nexusAdminPasswordB64: $NEXUS_ADMIN_PASSWORD_B64
+  registry: $DOCKER_REGISTRY
+  openshiftAppDomain: $OPENSHIFT_APPS_BASEDOMAIN
+  nexusDockerGroup: 'docker-group'
+  nexusJvmParams: $NEXUS_JVM_PARAMS
+nexus:
+  cpuRequest: 200m
+  cpuLimit: 1
+  memRequest: 2Gi
+  memLimit: 4Gi
+buildConfig:
+  cpuRequest: 200m
+  cpuLimit: 1
+  memRequest: 1Gi
+  memLimit: 2Gi
diff --git a/nexus/docker/Dockerfile b/nexus/docker/Dockerfile
@@ -1,2 +1,2 @@
-# FROM instruction is overwritten with NEXUS_FROM_IMAGE.
+# FROM instruction is overwritten with BuildConfig and NEXUS_IMAGE_TAG.
 FROM sonatype/nexus3:latest
diff --git a/nexus/ocp-config/Tailorfile b/nexus/ocp-config/Tailorfile
diff --git a/nexus/ocp-config/bc.yml b/nexus/ocp-config/bc.yml
diff --git a/nexus/ocp-config/dc.yml b/nexus/ocp-config/dc.yml
diff --git a/nexus/ocp-config/is.yml b/nexus/ocp-config/is.yml