hc2p · March 1, 2023 15:29
diff --git a/nexus.yaml b/nexus.yaml
 apiVersion: v1
 kind: Namespace
 metadata:
  name: nexus
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: nexus-pvc
  namespace: nexus
  labels:
    app: nexus
 spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 100Gi
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name:  nexus
  namespace: nexus
 spec:
  selector:
    matchLabels:
      app: nexus
  replicas: 1
  template:
    metadata:
      labels:
        app:  nexus
    spec:
      initContainers:
      - name: fix-ownership-nexus-data
        image: busybox
        command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
        volumeMounts:
        - name: nexus-data-volume
          mountPath: /nexus-data
      containers:
      - name:  nexus
        image: sonatype/nexus3:latest
        imagePullPolicy: Always
        ports:
        - containerPort:  8081
        volumeMounts:
        - name: nexus-data-volume
          mountPath: /nexus-data
        env:
        - name: NEXUS_SECURITY_RANDOMPASSWORD
          value: "false"
        - name: INSTALL4J_ADD_VM_PARAMS
          value: >-
            -Xms2703m
            -Xmx2703m
            -XX:MaxDirectMemorySize=2703m
            -Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs
      volumes:
        - name: nexus-data-volume
          persistentVolumeClaim:
            claimName: nexus-pvc
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: nexus-service
  namespace: nexus
 spec:
  selector:
    app: nexus
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 8081
  - name: registry
    protocol: TCP
    port: 8082
    targetPort: 8082
  - name: hosted-registry
    protocol: TCP
    port: 8084
    targetPort: 8084
 ---
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: nexus-ingress
  namespace: nexus
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    nginx.ingress.kubernetes.io/proxy-body-size: 20g
 spec:
  ingressClassName: nginx
  rules:
  - host: archive.<your domain>
    http:
      paths:
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: nexus-service
              port:
                number: 80
  - host: registry.archive.<your domain>
    http:
      paths:      
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: nexus-service
              port:
                number: 8082
  - host: hosted-registry.archive.<your domain>
    http:
      paths:      
        - pathType: Prefix
          path: "/"
          backend:
            service:
              name: nexus-service
              port:
                number: 8084
  tls:
    - hosts:
        - archive.<your domain>
      secretName: archive.<your domain>-tls-cert
    - hosts:
        - registry.archive.<your domain>
      secretName: registry.archive.<your domain>-tls-cert
    - hosts:
        - hosted-registry.archive.<your domain>
      secretName: hosted-registry.archive.<your domain>-tls-cert
 ---
	apiVersion: v1
	kind: Namespace
	metadata:
	name: nexus
	---
	apiVersion: v1
	kind: PersistentVolumeClaim
	metadata:
	name: nexus-pvc
	namespace: nexus
	labels:
	app: nexus
	spec:
	accessModes:
	- ReadWriteOnce
	resources:
	requests:
	storage: 100Gi
	---
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: nexus
	namespace: nexus
	spec:
	selector:
	matchLabels:
	app: nexus
	replicas: 1
	template:
	metadata:
	labels:
	app: nexus
	spec:
	initContainers:
	- name: fix-ownership-nexus-data
	image: busybox
	command: ["sh", "-c", "chown -R 200:200 /nexus-data"]
	volumeMounts:
	- name: nexus-data-volume
	mountPath: /nexus-data
	containers:
	- name: nexus
	image: sonatype/nexus3:latest
	imagePullPolicy: Always
	ports:
	- containerPort: 8081
	volumeMounts:
	- name: nexus-data-volume
	mountPath: /nexus-data
	env:
	- name: NEXUS_SECURITY_RANDOMPASSWORD
	value: "false"
	- name: INSTALL4J_ADD_VM_PARAMS
	value: >-
	-Xms2703m
	-Xmx2703m
	-XX:MaxDirectMemorySize=2703m
	-Djava.util.prefs.userRoot=${NEXUS_DATA}/javaprefs
	volumes:
	- name: nexus-data-volume
	persistentVolumeClaim:
	claimName: nexus-pvc
	---
	apiVersion: v1
	kind: Service
	metadata:
	name: nexus-service
	namespace: nexus
	spec:
	selector:
	app: nexus
	ports:
	- name: http
	protocol: TCP
	port: 80
	targetPort: 8081
	- name: registry
	protocol: TCP
	port: 8082
	targetPort: 8082
	- name: hosted-registry
	protocol: TCP
	port: 8084
	targetPort: 8084
	---
	apiVersion: networking.k8s.io/v1
	kind: Ingress
	metadata:
	name: nexus-ingress
	namespace: nexus
	annotations:
	cert-manager.io/cluster-issuer: letsencrypt
	nginx.ingress.kubernetes.io/proxy-body-size: 20g
	spec:
	ingressClassName: nginx
	rules:
	- host: archive.<your domain>
	http:
	paths:
	- pathType: Prefix
	path: "/"
	backend:
	service:
	name: nexus-service
	port:
	number: 80
	- host: registry.archive.<your domain>
	http:
	paths:
	- pathType: Prefix
	path: "/"
	backend:
	service:
	name: nexus-service
	port:
	number: 8082
	- host: hosted-registry.archive.<your domain>
	http:
	paths:
	- pathType: Prefix
	path: "/"
	backend:
	service:
	name: nexus-service
	port:
	number: 8084
	tls:
	- hosts:
	- archive.<your domain>
	secretName: archive.<your domain>-tls-cert
	- hosts:
	- registry.archive.<your domain>
	secretName: registry.archive.<your domain>-tls-cert
	- hosts:
	- hosted-registry.archive.<your domain>
	secretName: hosted-registry.archive.<your domain>-tls-cert
	---