Nexus Repository Manager 3 on Kubernetes

January 15, 2022

This article shows how to run Nexus Repository Manager 3 on Kubernetes.

1. Prerequisites

  1. A working Kubernetes cluster. See Kubernetes on Windows Subsystem for Linux (WSL) 2 using kind and Docker Engine.

2. Create deployment configuration

$ cat <<\EOF > nexus-repository-manager-values.yaml
ingress:
  enabled: false
nexus:
  env:
    - name: NEXUS_CONTEXT (1)
      value: nexus (1)
  livenessProbe:
    path: /nexus (2)
  readinessProbe:
    path: /nexus (2)
EOF
1 Set the context path for Nexus web server. This helps in routing ingress requests prefixed with this path to Nexus server.
2 Set probe paths equal to the context path of Nexus server.

We disable the ingress templates that come with Nexus Helm chart, because they use networking.k8s.io/v1beta1 version that is not available in Kubernetes 1.23.

3. Deploy

Install Nexus Repository Manager using Helm chart.

$ helm repo add sonatype https://sonatype.github.io/helm3-charts/

$ helm repo update

$ kubectl create namespace "nexus"

$ helm install \
    nexus-repository-manager \
    sonatype/nexus-repository-manager \
    --version 37.3.0 \
    --values nexus-repository-manager-values.yaml \
    --namespace nexus

Create ingress.

cat <<EOF | kubectl apply -n nexus -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nexus-repository-manager
spec:
  rules:
  - http:
      paths:
      - path: /nexus (1)
        pathType: Prefix
        backend:
          service:
            name: nexus-repository-manager
            port:
              number: 8081
EOF
1 Route requests prefixed with /nexus to Nexus server. This value must be equal to /<nexus-server-context-path>.

Test ingress.

$ curl -I http://<ingress-host-port>/nexus

HTTP/1.1 302 Found
...

4. Initial setup

Obtain admin password.

POD_NAME=$(kubectl get pods -n nexus -l "app.kubernetes.io/name=nexus-repository-manager,app.kubernetes.io/instance=nexus-repository-manager" -o jsonpath="{.items[0].metadata.name}")

kubectl -n nexus exec -it ${POD_NAME} -- cat /nexus-data/admin.password

Open <ingress-host-port>/nexus in browser and sign in as admin using the password obtained in previous step.

Nexus will prompt you to change the admin password. Set a new password of your choice. In our examples, we will use the password Admin00!.

Nexus will ask if you want to enable anonymous access so that, by default, users can search, browse and download components from repositories without credentials. Because ours is a private Nexus server used for experiments only, we can enable anonymous access.

5. Test

Download an artifact from Maven Central.

curl -fsSLO \
  https://search.maven.org/remotecontent?filepath=junit/junit/4.13.2/junit-4.13.2.jar

Try uploading the artifact to Nexus.

curl -v \
  -u 'admin:Admin00!' \
  -X POST \
  'http://<ingress-host-port>/nexus/service/rest/v1/components?repository=maven-releases' \
  -F maven2.groupId=junit \
  -F maven2.artifactId=junit \
  -F maven2.version=4.13.2 \
  -F maven2.generate-pom=true \
  -F maven2.asset1=@junit-4.13.2.jar \
  -F maven2.asset1.extension=jar

rm junit-4.13.2.jar

Try downloading the latest version of the artifact from Nexus.

$ curl -L \
  -X GET \
  -H "accept: application/json" \
  "http://<ingress-host-port>/nexus/service/rest/v1/search/assets/download?sort=version&repository=maven-releases&maven.groupId=junit&maven.artifactId=junit&maven.extension=jar"
  -o junit-4.13.2.jar

$ jar tvf junit-4.13.2.jar
     0 Sat Feb 13 17:31:36 IST 2021 META-INF/
     . . .

Cleanup:

  1. Delete the artifact using Nexus web console.

  2. rm junit-4.13.2.jar

6. Cleanup

Delete deployment configuration.

$ rm --force --verbose nexus-repository-manager-values.yaml

7. References