How to install Nexus IQ on EKS with EBS volume


Nexus IQ can be installed on an AWS EKS cluster using EBS volumes as persistent storage.

This article explains how to do so using our Helm chart.



  • AWS EKS cluster with Kubernetes 1.19+
  • AWS EBS Volumes (1 for data and 1 for log)
  • kubectl
  • Helm 3
  • FIPS disabled. If the environment has FIPS enabled, refer to this KB for workarounds
  • A Nexus IQ license (base64 encoded)

To get the base64-encoded data of the Nexus Pro license file, named nx-license.lic in this example:

$ base64 --wrap=0 nx-license.lic   (Linux)
$ base64 nx-license.lic            (Mac)
  • Preferably, a separate namespace for the Nexus deployment. This example uses the namespace name nexus.
$ kubectl create namespace nexus
namespace/nexus created


Deploying Nexus IQ

  • Install Sonatype Helm3 charts
$ helm repo add sonatype
"sonatype" has been added to your repositories
  • Create a local myvalues.yaml file with the license details, hostname, storage and ingress name. Note the correct indentation in the example YAML file below.
name: nxiq
hostname: iq-server.demo
applicationPort: 8070
adminPort: 8071
# base 64 encoded license file with no line breaks
licenseSecret: "cylwwtYx6FiKsLDfLoFpSc..."
# add below line, and the `licenseSecret` above, to auto-configure licensing
licenseFile: /etc/nexus-iq-license/license_lic

enabled: true
accessMode: ReadWriteOnce
storageSize: 100Gi
pvName: nexus-data-disk
logPVName: nexus-log-disk
volumeID: aws://ap-southeast-2/vol-02de268cc5c338918
fstype: ext4
logVolumeID: aws://ap-southeast-2/vol-0e7e2c03f2755b79b
fstype: ext4
  • Deploy Nexus IQ instance using helm
$ helm install nexus-iq -n nexus -f myvalues.yaml sonatype/nexus-iq-server
NAME: nexus-iq
LAST DEPLOYED: Tue Mar 14 13:31:18 2023
STATUS: deployed
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace nexus -l "," -o jsonpath="{.items[0]}")
kubectl --namespace nexus port-forward $POD_NAME 8070:8070
Your application is available at
  • Check the Persistent Volume to confirm that the corresponding EBS volume is used.
$ kubectl describe pv nexus-data-disk -n nexus
Name: nexus-data-disk
Annotations: iq nexus
Finalizers: [ external-attacher/ebs-csi-aws-com]
Status: Bound
Claim: nexus/iq-nexus-iq-server-data
Reclaim Policy: Recycle
Access Modes: RWO
VolumeMode: Filesystem
Capacity: 1Gi
Node Affinity: <none>
Type: AWSElasticBlockStore (a Persistent Disk resource in AWS)
VolumeID: aws://ap-southeast-2/vol-02de268cc5c338918
FSType: ext4
Partition: 0
ReadOnly: false
Events: <none>
  • Access the IQ UI, log in as admin using the default password admin123, and continue setting up Policies, Organizations and Applications.

Optional note: If the EBS volumes in use are unencrypted and you would like to encrypt them, follow the steps below.

1. Stop the IQ deployment 

$ kubectl scale --replicas=0 deployment/nexus-iq -n nexus

2. Take a snapshot of the corresponding volumes

3. Create new volumes from the snapshots with encryption enabled

4. Note down the new volume IDs

5. Update the above myvalues.yaml file with the new encrypted volume IDs

6. Deploy a new Nexus IQ using the updated myvalues.yaml file

$ helm install enc-nexus-iq -n nexus -f myvalues.yaml sonatype/nexus-iq-server

7. Log in to the new Nexus instance UI and confirm all the data is present

8. Uninstall the old Nexus deployment

$ helm uninstall nexus-iq -n nexus
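
Steps 2 to 4 above can be scripted with the AWS CLI. The following is an added example, not part of the original article or of Sonatype's chart; it assumes AWS CLI v2 with a default region and EC2 permissions configured, and the script name encrypt-ebs.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: steps 2-4 of the encryption procedure for one EBS volume.
# Assumes AWS CLI v2 with a default region and EC2 permissions configured.

# Extract the bare volume ID from the aws://<location>/<vol-id> form
# used in myvalues.yaml; prints nothing if the value has another shape.
vol_id() {
  printf '%s\n' "$1" | sed -n 's|^aws://[^/]*/\(vol-[0-9a-f][0-9a-f]*\)$|\1|p'
}

# Rebuild the myvalues.yaml form: same location prefix, new volume ID.
with_new_id() {
  printf '%s/%s\n' "${1%/*}" "$2"
}

# Read one attribute (e.g. Encrypted, AvailabilityZone) of a volume.
vol_attr() {
  aws ec2 describe-volumes --volume-ids "$1" --query "Volumes[0].$2" --output text
}

# Prints the value to put in myvalues.yaml for an encrypted copy of $1.
encrypt_copy() {
  src=$(vol_id "$1")
  if [ -z "$src" ]; then
    echo "not an aws://<location>/vol-... value: $1" >&2; return 1
  fi
  enc=$(vol_attr "$src" Encrypted) || return 1
  if [ "$enc" = "True" ]; then   # already encrypted, nothing to migrate
    echo "$1"; return 0
  fi
  zone=$(vol_attr "$src" AvailabilityZone) || return 1

  # Step 2: snapshot the source volume (IQ is scaled to 0, so it is idle).
  snap=$(aws ec2 create-snapshot --volume-id "$src" \
    --description "pre-encryption copy of $src" \
    --query SnapshotId --output text) || return 1
  aws ec2 wait snapshot-completed --snapshot-ids "$snap" || return 1

  # Step 3: new volume in the same zone; --encrypted without --kms-key-id
  # uses the account's default EBS KMS key.
  new=$(aws ec2 create-volume --snapshot-id "$snap" \
    --availability-zone "$zone" --encrypted \
    --query VolumeId --output text) || return 1
  aws ec2 wait volume-available --volume-ids "$new" || return 1

  # Step 4: the new ID, in the form myvalues.yaml expects.
  with_new_id "$1" "$new"
}

# Usage: sh encrypt-ebs.sh aws://<location>/vol-... [more volumes]
for v in "$@"; do
  encrypt_copy "$v" || exit 1
done
```

Run it once for the data volume and once for the log volume, then paste the printed values into volumeID and logVolumeID.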
