Nexus Operator

Overview

This repository contains the code to build a nexus Operator for Kubernetes, including Red Hat OpenShift Container Platform.

The Operator will create an instance of Nexus Repository Manager.

It is implemented on top of the Red Hat Operator SDK - in particular the Ansible Operator.

Building the Operator

There is a script develop/operate.sh which will download the prerequisites (operator-sdk etc.), build the operator artifacts from operator-sdk defaults, package and push the operator container image, deploy the artifacts to a Kubernetes cluster, and create a kind: Nexus CR to deploy an instance. You should use the help page to look at what the various options do, but for the most part if you want to deploy Nexus to a cluster directly from this repo you could run develop/operate.sh -d.

Before running the script make sure to update the location of the container image to a repository you have access to. If you decide to build your own container image for the operator, make sure to update develop/operate.conf with an updated container image location and add the -p flag to operate.sh.

Installation

Operator Installation Steps

The installation of the Custom Resource Definition and Cluster Role requires cluster-admin privileges. After that regular users with admin privileges on their projects (which is automatically granted to the user who creates a project) can provision the Nexus Operator in their projects and deploy instances of nexus using the nexus.redhatgov.io Custom Resource.

Perform the following tasks as cluster-admin:

1. Deploy the CustomResourceDefinition, ClusterRole, ClusterRoleBinding, ServiceAccount, and Operator Deployment:

   develop/operate.sh

2. Once the Operator pod is running the Operator is ready to start creating Nexus Servers.

3. To deploy the above, and also one of the config/samples/redhatgov_v1alpha1_nexus*.yaml example CustomResources:

   develop/operate.sh --deploy-cr

4. To install the operator with RBAC scoped to a specific namespace, deploying a Role and RoleBinding instead of a ClusterRole and ClusterRoleBinding:

   develop/operate.sh --overlay=namespaced --namespace=mynamespace

Deploying a custom nexus instance using the Operator

A nexus instance is deployed by creating a Custom Resource based on the nexus Custom Resource Definition.

Example

apiVersion: redhatgov.io/v1alpha1
kind: Nexus
metadata:
  name: nexus-sample
spec:
  nexus:
    expose:
      ssl: true                           # There is currently no way to specify an alternate certificate
      uri: nexus-sample.example.com   # You can leave this field out on OpenShift to get the default
      kind: Ingress                       # This can be of kind Route on OpenShift (the default)
      oauth: false
    image:
      src: registry.connect.redhat.com/sonatype/nexus-repository-manager
      tag: latest
      pullPolicy: Always
    volumeSize: 10Gi
  persistent: true

1. Write the definition to a file (e.g. nexus.yaml) and then create the Nexus instance:

   oc create -f ./nexus.yaml

2. You can validate the existence of your nexus instance by querying for nexus objects:

   oc get nexus

3. Get the Route for nexus:

   oc get route

4. The admin user credentials are stored in a secret. The secret is created once nexus comes online. In the example above, the nexus repo is named nexus-sample, so the secret is called nexus-sample-admin-credentials

5. Use oc get -o yaml secret nexus-sample-admin-credentials to see the base64 encoded values of the admin username and password.

6. Decode the values and use them to login to the nexus repo.

Deleting a Nexus instance

Deleting a Nexus instance and its associated resources is as simple as deleting the nexus object. If you created a nexus server called nexus-example as in the example above it suffices to run the delete command on that resource:

oc delete nexus nexus-example

The Operator adds ownerReference fields to all created objects - which means that deleting the nexus object also deletes all objects that have been created by the Operator.

Uninstalling the nexus Operator

In case you wish to uninstall the nexus Operator make sure that there are no more nexus instances running. Once all nexus instances have been deleted simply delete the operator and its resources with:

develop/operate.sh --remove

Notes on disconnected installations

The Operator SDK makes heavy use of Kustomize for development and installation, but intends bundles to be generated for use in an operator catalog. This enables the Operator Lifecycle Manager, deployed onto your cluster, to install and configure operators with a simple kind: Subscription object, instead of a large collection of manifests. If you intend on using develop/operate.sh it expects you to be in a development environment. Operator installation from this script therefore expects access to the internet. This comes with one extra concern: If kustomize isn’t in your path, it tries to download it from the internet and save it locally into a .gitignore`d folder. If you intend on using `develop/operate.sh to install the operator, you should also bring kustomize and place it in the $PATH of the user who will be running the script.

To change the image sources for all necessary images for develop/operate.sh to deploy the operator, you need to have the following images hosted in a container repository on your disconnected network:

1. quay.io/redhatgov/nexus-operator:latest

2. registry.connect.redhat.com/sonatype/nexus-repository-manager:latest

3. registry.access.redhat.com/ubi8/ubi-minimal:latest

4. registry.redhat.io/openshift4/ose-oauth-proxy:latest

The places where you must update those sources are then, respectively:

1. develop/operate.conf: IMG should point to the nexus-operator image in your environment before running develop/operate.sh

2. The kind: nexus custom resource manifest: spec.nexus.image.src and spec.nexus.image.tag should be updated

OLM installation using a custom catalog source

WIP