Deploy Sonatype Nexus Repository OSS on AWS with a well-architected design.
Deploy Sonatype Nexus Repository OSS via Helm on EKS.
yarn install --check-files --frozen-lockfile
npx projen
npx cdk deploy --parameters NexusAdminInitPassword=<init admin password of nexus3> --parameters DomainName=<the hostname of nexus3 deployment>
npx cdk deploy --parameters NexusAdminInitPassword=<init admin password of nexus3> --parameters DomainName=<nexus.mydomain.com> -c r53Domain=<mydomain.com>
or
npx cdk deploy --parameters NexusAdminInitPassword=<init admin password of nexus3> --parameters DomainName=<nexus.mydomain.com> --parameters R53HostedZoneId=<id of route53 hosted zone> -c enableR53HostedZone=true
By default, this solution creates a new VPC across two AZs with public and private subnets and NAT gateways.
You can deploy the solution to an existing VPC with the options below:
npx cdk deploy <other options> -c vpcId=<existing vpc id>
# or deploy to the default vpc
npx cdk deploy <other options> -c vpcId=default
NOTE: the existing VPC must have public and private subnets across two AZs and route the internet traffic of private subnets to NAT gateways.
npx cdk deploy -c internalALB=true
The solution creates Kubernetes 1.20 by default. You can specify another Kubernetes version as shown below:
npx cdk deploy <other options> --parameters KubernetesVersion=1.19
NOTE: 1.20, 1.19 and 1.18 are allowed versions. You can NOT enable the auto configuration feature when creating an EKS cluster with version 1.19. See this issue for detail.
Because the AWS load balancer has different policy requirements across partitions, you need to specify the target region via the context key region to pick the corresponding IAM policies.
npx cdk deploy <other options> -c region=cn-north-1
The solution can deploy Nexus Repository OSS to an existing EKS cluster. Your EKS cluster must meet some prerequisites:
system:masters RBAC role. If the cluster you are using was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to system:masters manually. The trust policy of this role should include the arn:aws:iam::${accountId}:root principal in order to allow the execution role of the kubectl resource to assume it. Then you can follow the eksctl guide to map the IAM role to Kubernetes RBAC.
Below is an example that deploys Nexus Repository OSS to an existing EKS cluster with a public domain configured:
npx cdk deploy -c vpcId=vpc-12345 -c importedEKS=true -c eksClusterName=the-cluster-name -c eksKubectlRoleArn=arn:aws:iam::123456789012:role/eks-kubectl-role -c eksOpenIdConnectProviderArn=arn:aws:iam::123456789012:oidc-provider/oidc.eks.ap-east-1.amazonaws.com/id/12345678 -c nodeGroupRoleArn=arn:aws:iam::123456789012:role/eksctl-cluster-nodegroup-ng-NodeInstanceRole-123456 --parameters NexusAdminInitPassword=<the strong password> -c enableAutoConfigured=true --parameters DomainName=<the custom domain> --parameters R53HostedZoneId=<id of r53 zone> -c enableR53HostedZone=true
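The role preparation described above (a trust policy naming the account root principal, then an eksctl mapping to system:masters) can be scripted as follows. This is an added example, not code from this project; the function names and the default role name eks-kubectl-role are hypothetical, and the partition lookup is an assumption added so the same script works in the China regions.

```shell
#!/usr/bin/env bash
# Added example (not project code): prepare an IAM role usable as eksKubectlRoleArn.

# Map a region to its IAM partition (China regions use aws-cn).
partition_for_region() {
  case "$1" in
    cn-*)     echo "aws-cn" ;;
    us-gov-*) echo "aws-us-gov" ;;
    *)        echo "aws" ;;
  esac
}

# Print the trust policy: the account root principal may assume the role.
# Root as principal delegates the decision to IAM policies in the account, so any
# identity there that is allowed sts:AssumeRole on this role becomes cluster admin.
kubectl_role_trust_policy() {
  local account_id="$1" region="$2"
  case "$account_id" in
    *[!0-9]*|"") echo "account id must be 12 digits" >&2; return 1 ;;
  esac
  [ "${#account_id}" -eq 12 ] || { echo "account id must be 12 digits" >&2; return 1; }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": { "AWS": "arn:$(partition_for_region "$region"):iam::${account_id}:root" },
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Create the role and map it to system:masters (needs aws, eksctl and credentials).
create_and_map_kubectl_role() {
  local cluster="$1" region="$2" role_name="${3:-eks-kubectl-role}"
  local account_id role_arn
  account_id="$(aws sts get-caller-identity --query Account --output text)" || return 1
  role_arn="$(aws iam create-role --role-name "$role_name" \
    --assume-role-policy-document "$(kubectl_role_trust_policy "$account_id" "$region")" \
    --query Role.Arn --output text)" || return 1
  eksctl create iamidentitymapping --cluster "$cluster" --region "$region" \
    --arn "$role_arn" --group system:masters --username "$role_name" || return 1
  echo "$role_arn"   # pass this value as -c eksKubectlRoleArn=...
}

# Usage: create_and_map_kubectl_role the-cluster-name ap-east-1
```

Because system:masters grants full cluster administration, review which IAM identities in the account are allowed sts:AssumeRole on this role before handing its ARN to the deployment.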
You must specify the default init admin password when deploying this solution. The password must satisfy the requirements below,
Nexus3 supports using scripts to configure the Nexus3 service, for example BlobStores, Repositories and so on. The script feature has been disabled by default since Nexus3 3.21.2. You can opt in to the auto configuration feature of this solution as shown below; doing so enables the script feature of Nexus.
npx cdk deploy <other options> -c enableAutoConfigured=true
It automatically configures the freshly provisioned Nexus3 with the changes below,
file based blobstore
s3-blobstore using the dedicated S3 bucket created by this solution with a policy that never expires artifacts
Run the command below to clean up the deployment, or delete the SonatypeNexus3OnEKS stack via the CloudFormation console.
npx cdk destroy
NOTE: you still need to manually delete the EFS file system and S3 bucket created by this solution. That storage might contain your data, so be cautious before deleting it.
It's an official solution of AWS China regions. You can quickly deploy this solution to the regions below via CloudFormation,
Region name | Region code | Launch |
---|---|---|
Global regions(switch to the region you want to deploy) | us-east-1(default) | |
AWS China(Beijing) Region | cn-north-1 | |
AWS China(Ningxia) Region | cn-northwest-1 |
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.
This application also uses the open source projects below,