dmi3mis · March 17, 2023 01:17 · Mar 17, 2023
diff --git a/Nexus3.yaml b/Nexus3.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps.m88i.io/v1alpha1
+kind: Nexus
+metadata:
+  name: nexus3
+spec:
+  serviceAccountName: nexus3
+  resources:
+    limits:
+      cpu: '2'
+      memory: 3Gi
+    requests:
+      cpu: '1'
+      memory: 2Gi
+  readinessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 240
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 15
+  useRedHatImage: true
+  livenessProbe:
+    failureThreshold: 3
+    initialDelaySeconds: 240
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 15
+  serverOperations: {}
+  automaticUpdate:
+    disabled: true
+  networking:
+    expose: true
+    exposeAs: Route
+    tls:
+      mandatory: true
+  image: registry.connect.redhat.com/sonatype/nexus-repository-manager
+  replicas: 1
+  persistence:
+    extraVolumes:
+      - emptyDir:
+          medium: ''
+        mountPath: /nexus-data/etc/logback
+        name: logback
+    persistent: true
+    volumeSize: 10Gi
diff --git a/allow-nexus-userid-200-scc.yaml b/allow-nexus-userid-200-scc.yaml
@@ -0,0 +1,23 @@
+apiVersion: security.openshift.io/v1
+kind: SecurityContextConstraints
+metadata:
+  name: allow-nexus-userid-200
+fsGroup:
+  ranges:
+    - max: 200
+      min: 200
+  type: MustRunAs
+runAsUser:
+  type: MustRunAs
+  uid: 200
+seLinuxContext:
+  type: MustRunAs
+supplementalGroups:
+  ranges:
+    - max: 200
+      min: 200
+  type: MustRunAs
+volumes:
+  - configMap
+  - persistentVolumeClaim
+  - secret
diff --git a/gistfile1.txt b/gistfile1.txt
@@ -0,0 +1,36 @@
+apiVersion: apps.m88i.io/v1alpha1
+kind: Nexus
+metadata:
+  name: nexus3
+spec:
+  # Number of Nexus pod replicas (can't be increased after creation)
+  replicas: 1
+  # Here you can specify the image version to fulfill your needs. Defaults to docker.io/sonatype/nexus3:latest if useRedHatImage is set to false
+  #image: "docker.io/sonatype/nexus3:latest"
+  # let's use the centOS image since we do not have access to Red Hat Catalog
+  useRedHatImage: true
+  # Set the resources requests and limits for Nexus pods. See: https://help.sonatype.com/repomanager3/system-requirements
+  resources:
+    limits:
+      cpu: "2"
+      memory: "2Gi"
+    requests:
+      cpu: "1"
+      memory: "2Gi"
+  # Data persistence details
+  persistence:
+    # Should we persist Nexus data? Yes, please. (turn this to false only if you're evaluating this resource)
+    persistent: true
+    # Size of the volume reserved for the pods. Be aware that if replicas greater then 1, a RWX Persistent Volume will be created, hence
+    # make sure that your cluster has support for this configuration. Ignored if persistent is set to false. Defaults to 10Gi
+    volumeSize: 10Gi
+  # bugfix  https://github.com/m88i/nexus-operator/issues/223  " RuntimeException: AccessDeniedException: /nexus-data/etc/logback"
+  extraVolumes:
+      - emptyDir:
+          medium: ''
+        mountPath: /nexus-data/etc/logback
+        name: logback
+
+  networking:
+    # let the operator expose the Nexus server for you (the method will be the one that fits better for your cluster)
+    expose: true
diff --git a/gistfile2.txt b/gistfile2.txt
@@ -0,0 +1,7 @@
+1. install nexus operator https://github.com/m88i/nexus-operator
+2. Create scc to allow use uid 200
+    oc create -f allow-nexus-userid-200-scc.yaml
+3. allow nexus3 serviceaccount use allow-nexus-userid-200 scc
+    oc adm policy add-scc-to-user allow-nexus-userid-200  -z nexus3
+4. create nexus3 crd
+    oc create -f  Nexus3.yaml