sonatype · bobotimi · Oct 8, 2024 · Oct 8, 2024 · Oct 9, 2024 · Oct 14, 2024
@@ -0,0 +1,26 @@
+{{ if .Values.certmanager.letsencrypt.dns01Challenge.rbac.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Values.certmanager.letsencrypt.dns01Challenge.rbac.role.name }}
+  namespace: {{ .Values.namespaces.certmanagerNs.name }}
+rules:
+  - apiGroups: ['']
+    resources: ['serviceaccounts/token']
+    resourceNames: [ {{ .Values.certmanager.letsencrypt.dns01Challenge.serviceAccount.name | quote }} ]
+    verbs: ['create']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Values.certmanager.letsencrypt.dns01Challenge.rbac.roleBinding.name }}
+  namespace: {{ .Values.namespaces.certmanagerNs.name }}
+subjects:
+  - kind: ServiceAccount
+    name: cert-manager
+    namespace: cert-manager
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ .Values.certmanager.letsencrypt.dns01Challenge.rbac.role.name }}
+{{ end }}
@@ -0,0 +1,87 @@
+{{- if .Values.certificate.enabled }}
+{{- if .Values.certificate.nexus.enabled }}
+apiVersion: {{ .Values.certificate.apiVersion }}
+kind: Certificate
+metadata:
+  name: {{ .Values.certificate.nexus.name }}
+  namespace: {{ default .Release.Namespace .Values.namespaces.nexusNs.name | quote }}
+spec:
+  secretName: {{ .Values.certificate.nexus.secretName }}
+  revisionHistoryLimit:  {{ .Values.certificate.nexus.revisionHistoryLimit }}
+  {{ if .Values.certificate.nexus.secretTemplate }}
+  secretTemplate:
+  {{- with .Values.certificate.nexus.secretTemplate }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{ end }}
+  {{ if .Values.certificate.nexus.privateKey.enabled }}
+  privateKey:
+    {{ if .Values.certificate.nexus.privateKey.algorithm }}
+    algorithm: {{ .Values.certificate.nexus.privateKey.algorithm }}
+    {{ end }}
+    {{ if .Values.certificate.nexus.privateKey.encoding }}
+    encoding: {{ .Values.certificate.nexus.privateKey.encoding }}
+    {{ end }}
+    {{ if .Values.certificate.nexus.privateKey.size }}
+    size: {{ .Values.certificate.nexus.privateKey.size }}
+    {{ end }}
+    {{ if .Values.certificate.nexus.privateKey.rotationPolicy }}
+    rotationPolicy: {{ .Values.certificate.nexus.privateKey.rotationPolicy }}
+    {{ end }}
+  {{ end }}
+  {{ if .Values.certificate.nexus.keystores }}
+  keystores:
+    {{- with .Values.certificate.nexus.keystores }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{ end }}
+  duration: {{ .Values.certificate.nexus.duration }}
+  renewBefore: {{ .Values.certificate.nexus.renewBefore }}
+  isCA: {{ .Values.certificate.nexus.isCa }}
+  usages:
+    {{- with .Values.certificate.nexus.usages }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{ if .Values.certificate.nexus.subject }}
+  subject:
+    {{- with .Values.certificate.nexus.subject }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{ end }}
+  {{ if .Values.certificate.nexus.commonName }}
+  commonName: {{ .Values.certificate.nexus.commonName }}
+  {{ end }}
+  dnsNames:
+    {{- with .Values.certificate.nexus.dnsNames }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{ if .Values.certificate.nexus.uris }}
+  uris:
+  {{- with .Values.certificate.nexus.uris }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{ end }}
+  {{ if .Values.certificate.nexus.emailAddresses }}
+  emailAddresses:
+  {{- with .Values.certificate.nexus.emailAddresses }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{ end }}
+  {{ if .Values.certificate.nexus.ipAddresses }}
+  ipAddresses:
+  {{- with .Values.certificate.nexus.ipAddresses }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{ end }}
+  {{ if .Values.certificate.nexus.otherNames }}
+  otherNames:
+  {{- with .Values.certificate.nexus.otherNames }}
+    {{ toYaml . | nindent 4 }}
+  {{- end }}
+  {{ end }}
+  issuerRef:
+    name: {{ .Values.certificate.issuer.name }}
+    kind: {{ .Values.certificate.issuer.kind }}
+    group: {{ .Values.certificate.issuer.group }}
+{{ end }}
+{{ end }}
@@ -0,0 +1,10 @@
+{{- if .Values.certificate.issuer.enabled }}
+apiVersion: {{ .Values.certificate.apiVersion }}
+kind: {{ .Values.certificate.issuer.kind }}
+metadata:
+  name: {{ .Values.certificate.issuer.name }}
+spec:
+  {{- with .Values.certificate.issuer.spec }}
+    {{ toYaml . | nindent 2 }}
+  {{ end }}
+{{ end }}
@@ -0,0 +1,45 @@
+{{- if .Values.nexus.docker.enabled }}
+{{- if .Values.nexus.docker.createIngress }}
+{{- $fullName := include "nexus.fullname" . -}}
+{{- range $registry := .Values.nexus.docker.registries }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  namespace: {{ default $.Release.Namespace $.Values.namespaces.nexusNs.name | quote }}
+  name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
+  labels:
+    {{- include "nexus.labels" $ | nindent 4 }}
+    {{- if $.Values.nexus.extraLabels }}
+      {{- with $.Values.nexus.extraLabels }}
+        {{ toYaml . | nindent 4 }}
+      {{- end }}
+    {{- end }}
+  {{- with $registry.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if $.Values.ingress.ingressClassName }}
+  ingressClassName: {{ $.Values.ingress.ingressClassName }}
+  {{ end }}
+  {{- if $registry.enableTLS }}
+  tls:
+    - hosts:
+        - {{ $registry.host | quote }}
+      secretName: {{ $registry.secretName }}
+  {{ end }}
+  rules:
+    - host: {{ $registry.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
+                port:
+                  number: {{ $registry.port }}
+---
+{{ end }}
+{{ end }}
+{{ end }}
@@ -27,7 +27,7 @@ roleRef:
   name: external-dns
 subjects:
   - kind: ServiceAccount
-    name: {{ include "nexus.serviceAccountName" . }}
+    name: {{ .Values.serviceAccount.externaldns.name }}
     namespace: {{ .Values.namespaces.externaldnsNs | quote }}
 ---
 apiVersion: apps/v1
@@ -48,10 +48,10 @@ spec:
       labels:
         app.kubernetes.io/name: external-dns
     spec:
-      serviceAccountName: {{ include "nexus.serviceAccountName" . }}
+      serviceAccountName: {{ .Values.serviceAccount.externaldns.name }}
       containers:
         - name: external-dns
-          image: k8s.gcr.io/external-dns/external-dns:v0.11.0
+          image: {{ .Values.externaldns.image }}
           args:
             - --source=service
             - --source=ingress

@@ -10,16 +10,26 @@ metadata:
     {{- if .Values.nexus.extraLabels }}
       {{- with .Values.nexus.extraLabels }}
         {{ toYaml . | nindent 4 }}
-      {{- end }}
-    {{- end }}
+      {{- end }} # end with extra labels
+    {{- end }} # end if extra labels
   {{- with .Values.ingress.annotations }}
   annotations:
     {{- toYaml . | nindent 4 }}
-  {{- end }}
+  {{- end }} # end with annotations
 spec:
   {{- if .Values.ingress.ingressClassName }}
   ingressClassName: {{ .Values.ingress.ingressClassName }}
-  {{ end }}
+  {{ end }} # end if ingress class name
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }} # end range hosts
+      secretName: {{ .secretName }}
+    {{- end }} # range tls
+  {{- end }} # end if tls
   rules:
     {{- if .Values.ingress.defaultRule }}
     {{- if .Values.ingress.host }}
@@ -41,6 +51,7 @@ spec:
       {{ toYaml . | nindent 4 }}
     {{- end }}
     {{- if and .Values.ingress.host .Values.ingress.dockersubdomain }}
+    {{- if .Values.ingress.subdomainWildcard }}
     - host: "*.{{ .Values.ingress.host }}"
       http:
         paths:
@@ -51,48 +62,26 @@ spec:
                 name: {{ $fullName }}
                 port:
                   number: {{ .Values.service.nexus.port }}
-    {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-      - {{ . | quote }}
-      {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-{{- end}}
+    {{ else }}
+    {{ range $dockerSubDomain := .Values.ingress.dockersubdomains }}
+    - host: "{{ $dockerSubDomain }}"
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $.Values.service.nexus.port }}
+    {{ end }}
+    {{ end }}
+    {{ end }}
 {{- if .Values.nexus.docker.enabled }}
-{{ range $registry := .Values.nexus.docker.registries }}
-{{- $fullName := include "nexus.fullname" $ -}}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  namespace: {{ default $.Release.Namespace $.Values.namespaces.nexusNs.name | quote }}
-  name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
-  labels:
-    {{- include "nexus.labels" $ | nindent 4 }}
-    {{- if $.Values.nexus.extraLabels }}
-      {{- with $.Values.nexus.extraLabels }}
-        {{ toYaml . | nindent 4 }}
-      {{- end }}
-    {{- end }}
-  {{- with $registry.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if $.Values.ingress.ingressClassName }}
-  ingressClassName: {{ $.Values.ingress.ingressClassName }}
-  {{ end }}
-  tls:
-    - hosts:
-        - {{ $registry.host | quote }}
-      secretName: {{ $registry.secretName }}
-  rules:
-    - host: {{ $registry.host }}
+    {{- if .Values.nexus.docker.createDockerRulesOnMainIngress }}
+    {{ range $registry := .Values.nexus.docker.registries }}
+    {{- $fullName := include "nexus.fullname" $ -}}
+    - host: {{ $registry.host | quote }}
       http:
         paths:
           - path: /
@@ -102,6 +91,7 @@ spec:
                 name: {{ $fullName | trunc 49 }}-docker-{{ $registry.port }}
                 port:
                   number: {{ $registry.port }}
----
+    {{ end }}
+{{- end }}
 {{- end }}
 {{- end }}
@@ -19,4 +19,40 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
+---
+{{- if .Values.aws.externaldns.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.externaldns.name }}
+  namespace: {{ .Values.namespaces.externaldnsNs }}
+  labels: {{- include "nexus.labels" . | nindent 4 }}
+  {{- if .Values.nexus.extraLabels }}
+    {{- with .Values.nexus.extraLabels }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- with .Values.serviceAccount.externaldns.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+---
+{{- if .Values.certmanager.letsencrypt.dns01Challenge.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.certmanager.letsencrypt.dns01Challenge.serviceAccount.name }}
+  namespace: {{ .Values.namespaces.certmanagerNs.name }}
+  labels: {{- include "nexus.labels" . | nindent 4 }}
+  {{- if .Values.nexus.extraLabels }}
+    {{- with .Values.nexus.extraLabels }}
+      {{ toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+  {{- with .Values.certmanager.letsencrypt.dns01Challenge.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
 {{- end }}
@@ -85,7 +85,7 @@ spec:
           ports:
             - name: nexus-ui
               containerPort: {{ .Values.statefulset.container.containerPort }}
-            {{- if .Values.nexus.docker.enabled }}
+            {{- if and .Values.nexus.docker.enabled .Values.nexus.docker.exposeDockerPorts }}
             {{- range .Values.nexus.docker.registries }}
             - name: docker-{{ .port }}
               containerPort: {{ .port }}