Nexus IQ can be deployed in kubernetes cluster using various methods as below
1. Using YAML files
2. Using Helm Charts
3. Using OpenShift Operator
This article explains installing Nexus IQ, including license using Sonatype helm3 charts.
PreRequisites:
- Kubernetes 1.19+
- kubectl
- Helm 3
- FIPS Disabled. If Environment has FIPS enabled, refer to this KB for workarounds
- A Nexus IQ license (base64 encoded)
Base64 encoded data of Nexus Pro license file named in this example as nx-license.lic.
$ base64 --wrap=0 nx-license.lic (Linux) / $ base64 nx-license.lic (Mac)
cylwwtYx6Fjh7o4k34Ih3KM.....
- Preferably Separate namespace for Nexus deployment. This example uses namespace name,nexus
$ kubectl create namespace nexus
namespace/nexus created
Deploying Nexus IQ
- Install Sonatype Helm3 charts
$ helm repo add sonatype https://sonatype.github.io/helm3-charts/
"sonatype" has been added to your repositories
- Create a local myvalues.yaml file with license details, hostname, storage and ingress name. Please note down correct indentation in the example yaml file below.
iq:
name: nxiq
hostname: iq-server.demo
applicationPort: 8070
adminPort: 8071
# base 64 encoded license file with no line breaks
licenseSecret: "cylwwtYx6FiKsLDfLoFpSc..."
# add this line with this file path and the `licenseSecret` above to autoconfigure licensing
licenseFile: /etc/nexus-iq-license/license_lic
ingress:
enabled: true
ingressClassName: nginx
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "0"
hostUI: iq-server.minikube.mydomain
hostUIPath: /
hostAdmin: admin.minikube.mydomain
hostAdminPath: /
persistence:
enabled: true
accessMode: ReadWriteOnce
storageSize: 100Gi
- Deploy iq instance using helm
$ helm install nexus-iq -n nexus -f myvalues.yaml sonatype/nexus-iq-server
NAME: nexus-iq
LAST DEPLOYED: Thu Sep 8 15:21:34 2022
NAMESPACE: nexus
STATUS: deployed
REVISION: 1
NOTES:
1. Your ingresses are available here:
http://iq-server.minikube.mydomain/
http://admin.minikube.mydomain/
- Access IQ UI using the configured Ingress URL and login as admin using default password admin123 and continue setting up Policies, Organizations and Applications.
We highly recommend to use external database for container environment.
Below arguments can be added for connecting to a postgresql hostname postgres, database named iqdb, as user iq with password iq123. Modify the myvalues.yaml with your local values as below for configuring with external database.
env:
- name: JAVA_OPTS
value: "-Djava.util.prefs.userRoot=$(SONATYPE_WORK)/javaprefs -Ddw.database.type=postgresql -Ddw.database.hostname=postgres -Ddw.database.port=5432 -Ddw.database.name=iqdb -Ddw.database.username=iq -Ddw.database.password=iq123"
Upgrading IQ deployment
Below example upgrades iq 1.140 version deployed on nexus namespace to latest iq 1.143.
NOTE:Please follow all the steps explained in our document link prior to upgrading iq deployment, including backing up the database.
- Check current nexus deployment version
$ helm list -n nexus
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nexus-iq nexus 1 2022-09-09 15:27:23.517864 +1000 AEST deployed nexus-iq-server-140.0.0 1.140.0
- Check latest chart version available on local helm repo
$ helm search repo sonatype/nexus-iq-server --versions | head -7
NAME CHART VERSION APP VERSION DESCRIPTION
sonatype/nexus-iq-server 142.0.0 1.142.0 Sonatype Nexus IQ Server continuously monitors ...
sonatype/nexus-iq-server 141.0.1 1.141.0 Sonatype Nexus IQ Server continuously monitors ...
sonatype/nexus-iq-server 141.0.0 1.141.0 Sonatype Nexus IQ Server continuously monitors ...
sonatype/nexus-iq-server 140.0.1 1.140.0 Sonatype Nexus IQ Server continuously monitors ...
sonatype/nexus-iq-server 140.0.0 1.140.0 Sonatype Nexus IQ Server continuously monitors ...
sonatype/nexus-iq-server 139.0.0 1.139.0 Sonatype Nexus IQ Server continuously monitors ...
- Update local helm repo to get latest versions from sonatype
$ helm repo update sonatype
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "sonatype" chart repository
Update Complete. ⎈Happy Helming!⎈
- Confirm new chart version is updated locally (Below example shows latest version is 143).
$ helm search repo sonatype/nexus-iq-server --versions | head -3
NAME CHART VERSION APP VERSION DESCRIPTION
sonatype/nexus-iq-server 143.0.0 1.143.0 Sonatype Nexus IQ Server continuously monitors ...
sonatype/nexus-iq-server 142.0.0 1.142.0 Sonatype Nexus IQ Server continuously monitors ...
- Update the myvalues.yaml file to increase the readiness probe value to allow time for DB schema upgrade during first start, as below. Please use the same myvalues.yaml file used to deploy the IQ instance.
iq:
# Increase the readiness probe for IQ Upgrade
readinessProbe:
initialDelaySeconds: 30
periodSeconds: 30
failureThreshold: 100
timeoutSeconds: 2
successThreshold: 1
- Upgrade IQ deployment to latest version, 1.143.
$ helm upgrade nexus-iq -n nexus -f myvalues.yaml sonatype/nexus-iq-server
Release "nexus-iq" has been upgraded. Happy Helming!
NAME: nexus-iq
LAST DEPLOYED: Fri Sep 9 15:34:40 2022
NAMESPACE: nexus
STATUS: deployed
REVISION: 2
NOTES:
1. Your ingresses are available here:
http://iq-server.minikube.mydomain/
http://admin.minikube.mydomain/
- Confirm nexus deployment is updated
$ helm list -n nexus
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
nexus-iq nexus 2 2022-09-09 15:34:40.823653 +1000 AEST deployed nexus-iq-server-143.0.0 1.143.0
- Login to IQ UI and confirm that new version is upgraded
Note: When upgrading from Older IQ versions (< 118, where user id was 997 than current 1000), we need to change the file ownership in the persistent volume. For performing this operation, use myvalues.yaml file with fixOwner enabled set to true as below.
fixOwner:
enabled: true
updateUser: 1000
updateGroup: 1000
Please use attached myvalues.yaml file, with above options, as reference for your local actions.
Stopping IQ Deployment
Use deployment scale option to stop IQ Pod without removing the deployment
$ kubectl scale deploy/nexus-iq-nexus-iq-server --replicas=0 -n nexus
deployment.apps/nexus-iq-nexus-iq-server scaled
Starting IQ Deployment
$ kubectl scale deploy/nexus-iq-nexus-iq-server --replicas=1 -n nexus
deployment.apps/nexus-iq-nexus-iq-server scaled
$ kubectl get pods -n nexus
NAME READY STATUS RESTARTS AGE
nexus-iq-nexus-iq-server-5d4d984577-7h8sb 0/1 Running 0 26s
Uninstall IQ deployment
Please note, this would remove the persistent volume as well, thus result in data loss.
$ helm uninstall nexus-iq -n nexus
release "nexus-iq" uninstalled