Overview:
Nexus IQ can be installed on an AWS EKS cluster using EBS volumes as persistent storage.
This article explains how to do so with our Helm chart.
Prerequisites:
- AWS EKS cluster with Kubernetes 1.19+
- AWS EBS Volumes (1 for data and 1 for log)
- kubectl
- Helm 3
- FIPS disabled. If the environment has FIPS enabled, refer to this KB for workarounds
- A Nexus IQ license (base64 encoded)
Base64-encode the Nexus Pro license file, named nx-license.lic in this example:
Linux: $ base64 --wrap=0 nx-license.lic
Mac:   $ base64 nx-license.lic
cylwwtYx6Fjh7o4k34Ih3KM.....
- Preferably a separate namespace for the Nexus deployment. This example uses the namespace name nexus.
$ kubectl create namespace nexus
namespace/nexus created
Deploying Nexus IQ
- Install Sonatype Helm3 charts
$ helm repo add sonatype https://sonatype.github.io/helm3-charts/
"sonatype" has been added to your repositories
- Create a local myvalues.yaml file with the license details, hostname, storage and ingress name. Note the indentation in the example YAML file below.
iq:
  name: nxiq
  hostname: iq-server.demo
  applicationPort: 8070
  adminPort: 8071
  # base 64 encoded license file with no line breaks
  licenseSecret: "cylwwtYx6FiKsLDfLoFpSc..."
  # add below line, and the `licenseSecret` above, to auto-configure licensing
  licenseFile: /etc/nexus-iq-license/license_lic
persistence:
  enabled: true
  accessMode: ReadWriteOnce
  storageSize: 100Gi
  pvName: nexus-data-disk
  logPVName: nexus-log-disk
  awsElasticBlockStore:
    volumeID: aws://us-west-2/vol-02de268cc5c338918
    fstype: ext4
    logVolumeID: aws://ap-southeast-2/vol-0e7e2c03f2755b79b
    fstype: ext4
- Deploy the Nexus IQ instance using Helm
$ helm install nexus-iq -n nexus -f myvalues.yaml sonatype/nexus-iq-server
NAME: nexus-iq
LAST DEPLOYED: Tue Mar 14 13:31:18 2023
NAMESPACE: nexus
STATUS: deployed
REVISION: 1
NOTES:
1. Get the application URL by running these commands:
export POD_NAME=$(kubectl get pods --namespace nexus -l "app.kubernetes.io/name=nexus-iq-server,app.kubernetes.io/instance=iq" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace nexus port-forward $POD_NAME 8070:8070
Your application is available at http://127.0.0.1:8070
- Check the Persistent Volume to confirm that the corresponding EBS volume is used.
$ kubectl describe pv nexus-data-disk -n nexus
Name:            nexus-data-disk
Labels:          app.kubernetes.io/instance=iq
                 app.kubernetes.io/managed-by=Helm
                 app.kubernetes.io/name=nexus-iq-server
                 app.kubernetes.io/version=1.155.0
                 helm.sh/chart=nexus-iq-server-155.0.0
Annotations:     meta.helm.sh/release-name: iq
                 meta.helm.sh/release-namespace: nexus
Finalizers:      [kubernetes.io/pv-protection external-attacher/ebs-csi-aws-com]
StorageClass:
Status:          Bound
Claim:           nexus/iq-nexus-iq-server-data
Reclaim Policy:  Recycle
Access Modes:    RWO
VolumeMode:      Filesystem
Capacity:        1Gi
Node Affinity:   <none>
Message:
Source:
    Type:       AWSElasticBlockStore (a Persistent Disk resource in AWS)
    VolumeID:   aws://ap-southeast-2/vol-02de268cc5c338918
    FSType:     ext4
    Partition:  0
    ReadOnly:   false
Events:          <none>
- Access the IQ UI, log in as admin using the default password admin123, and continue setting up Policies, Organizations and Applications.
Optional Note: If the EBS volumes in use are unencrypted and you would like to encrypt them, follow the steps below.
1. Stop the IQ deployment
$ kubectl scale --replicas=0 deployment/nexus-iq -n nexus
2. Take a snapshot of the corresponding volumes
3. Create new volumes from the snapshots with encryption enabled
4. Note down the new volume IDs
5. Update the myvalues.yaml file above with the new encrypted volume IDs
6. Deploy a new Nexus IQ using the updated myvalues.yaml file
$ helm install enc-nexus-iq -n nexus -f myvalues.yaml sonatype/nexus-iq-server
7. Log in to the new Nexus instance UI and confirm all the data is present
8. Uninstall the old Nexus deployment
$ helm uninstall nexus-iq -n nexus
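Steps 2 to 4 can be scripted with the AWS CLI. The script below is an added example, not part of the original article or of the Sonatype chart; the script name encrypt-ebs.sh and the function names are hypothetical, and it assumes a configured aws CLI that is allowed to snapshot and create volumes.

```shell
#!/bin/sh
# Added example, not from the original article: steps 2-4 with the AWS CLI.
# Assumes a configured aws CLI and that IQ is already scaled to zero (step 1).
set -eu

# myvalues.yaml stores IDs as aws://<zone>/vol-...; the EC2 API takes vol-...
bare_volume_id() {
  printf '%s\n' "${1##*/}"
}

# vol_attr <vol-id> <attribute>: read one attribute of a volume
vol_attr() {
  aws ec2 describe-volumes --volume-ids "$1" \
    --query "Volumes[0].$2" --output text
}

# encrypt_volume <volumeID> [kms-key-id]
# Prints the ID of an encrypted copy created in the same availability zone.
encrypt_volume() {
  vol=$(bare_volume_id "$1")
  kms=${2:-}

  enc=$(vol_attr "$vol" Encrypted)
  case $enc in
    [Tt]rue)
      echo "$vol is already encrypted, nothing to do" >&2
      printf '%s\n' "$vol"
      return 0 ;;
  esac

  # An EBS volume can only attach to nodes in its own availability zone.
  az=$(vol_attr "$vol" AvailabilityZone)

  snap=$(aws ec2 create-snapshot --volume-id "$vol" \
    --description "pre-encryption snapshot of $vol" \
    --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"

  # --encrypted alone uses the account's default EBS key;
  # --kms-key-id selects a specific KMS key instead.
  set -- --snapshot-id "$snap" --availability-zone "$az" --encrypted
  if [ -n "$kms" ]; then set -- "$@" --kms-key-id "$kms"; fi
  new=$(aws ec2 create-volume "$@" --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$new"

  printf '%s\n' "$new"
}

# Usage: sh encrypt-ebs.sh aws://ap-southeast-2/vol-02de268cc5c338918 [kms-key-id]
if [ "$#" -ge 1 ]; then encrypt_volume "$@"; fi
```

Run it once for the data volume and once for the log volume, then put the printed IDs into myvalues.yaml (step 5).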