dmi3mis · March 17, 2023 01:17
diff --git a/allow-nexus-userid-200-scc.yaml b/allow-nexus-userid-200-scc.yaml
 apiVersion: security.openshift.io/v1
 kind: SecurityContextConstraints
 metadata:
  name: allow-nexus-userid-200
 fsGroup:
  ranges:
    - max: 200
      min: 200
  type: MustRunAs
 runAsUser:
  type: MustRunAs
  uid: 200
 seLinuxContext:
  type: MustRunAs
 supplementalGroups:
  ranges:
    - max: 200
      min: 200
  type: MustRunAs
 volumes:
  - configMap
  - persistentVolumeClaim
  - secret
diff --git a/gistfile1.txt b/gistfile1.txt
 apiVersion: apps.m88i.io/v1alpha1
 kind: Nexus
 metadata:
  name: nexus3
 spec:
  # Number of Nexus pod replicas (can't be increased after creation)
  replicas: 1
  # Here you can specify the image version to fulfill your needs. Defaults to docker.io/sonatype/nexus3:latest if useRedHatImage is set to false
  #image: "docker.io/sonatype/nexus3:latest"
  # let's use the centOS image since we do not have access to Red Hat Catalog
  useRedHatImage: true
  # Set the resources requests and limits for Nexus pods. See: https://help.sonatype.com/repomanager3/system-requirements
  resources:
    limits:
      cpu: "2"
      memory: "2Gi"
    requests:
      cpu: "1"
      memory: "2Gi"
  # Data persistence details
  persistence:
    # Should we persist Nexus data? Yes, please. (turn this to false only if you're evaluating this resource)
    persistent: true
    # Size of the volume reserved for the pods. Be aware that if replicas greater then 1, a RWX Persistent Volume will be created, hence
    # make sure that your cluster has support for this configuration. Ignored if persistent is set to false. Defaults to 10Gi
    volumeSize: 10Gi
  # bugfix  https://github.com/m88i/nexus-operator/issues/223  " RuntimeException: AccessDeniedException: /nexus-data/etc/logback"
  extraVolumes:
      - emptyDir:
          medium: ''
        mountPath: /nexus-data/etc/logback
        name: logback
        
  networking:
    # let the operator expose the Nexus server for you (the method will be the one that fits better for your cluster)
    expose: true
diff --git a/gistfile2.txt b/gistfile2.txt
 1. install nexus operator https://github.com/m88i/nexus-operator
 2. Create scc to allow use uid 200
    oc create -f allow-nexus-userid-200-scc.yaml
 3. allow nexus3 serviceaccount use allow-nexus-userid-200 scc
    oc adm policy add-scc-to-user allow-nexus-userid-200  -z nexus3
 4. create nexus3 crd
    oc create -f  Nexus3.yaml
diff --git a/Nexus3.yaml b/Nexus3.yaml
 apiVersion: apps.m88i.io/v1alpha1
 kind: Nexus
 metadata:
  name: nexus3
 spec:
  serviceAccountName: nexus3
  resources:
    limits:
      cpu: '2'
      memory: 3Gi
    requests:
      cpu: '1'
      memory: 2Gi
  readinessProbe:
    failureThreshold: 3
    initialDelaySeconds: 240
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 15
  useRedHatImage: true
  livenessProbe:
    failureThreshold: 3
    initialDelaySeconds: 240
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 15
  serverOperations: {}
  automaticUpdate:
    disabled: true
  networking:
    expose: true
    exposeAs: Route
    tls:
      mandatory: true
  image: registry.connect.redhat.com/sonatype/nexus-repository-manager
  replicas: 1
  persistence:
    extraVolumes:
      - emptyDir:
          medium: ''
        mountPath: /nexus-data/etc/logback
        name: logback
    persistent: true
    volumeSize: 10Gi
	apiVersion: security.openshift.io/v1
	kind: SecurityContextConstraints
	metadata:
	name: allow-nexus-userid-200
	fsGroup:
	ranges:
	- max: 200
	min: 200
	type: MustRunAs
	runAsUser:
	type: MustRunAs
	uid: 200
	seLinuxContext:
	type: MustRunAs
	supplementalGroups:
	ranges:
	- max: 200
	min: 200
	type: MustRunAs
	volumes:
	- configMap
	- persistentVolumeClaim
	- secret
	apiVersion: apps.m88i.io/v1alpha1
	kind: Nexus
	metadata:
	name: nexus3
	spec:
	# Number of Nexus pod replicas (can't be increased after creation)
	replicas: 1
	# Here you can specify the image version to fulfill your needs. Defaults to docker.io/sonatype/nexus3:latest if useRedHatImage is set to false
	#image: "docker.io/sonatype/nexus3:latest"
	# let's use the centOS image since we do not have access to Red Hat Catalog
	useRedHatImage: true
	# Set the resources requests and limits for Nexus pods. See: https://help.sonatype.com/repomanager3/system-requirements
	resources:
	limits:
	cpu: "2"
	memory: "2Gi"
	requests:
	cpu: "1"
	memory: "2Gi"
	# Data persistence details
	persistence:
	# Should we persist Nexus data? Yes, please. (turn this to false only if you're evaluating this resource)
	persistent: true
	# Size of the volume reserved for the pods. Be aware that if replicas greater then 1, a RWX Persistent Volume will be created, hence
	# make sure that your cluster has support for this configuration. Ignored if persistent is set to false. Defaults to 10Gi
	volumeSize: 10Gi
	# bugfix https://github.com/m88i/nexus-operator/issues/223 " RuntimeException: AccessDeniedException: /nexus-data/etc/logback"
	extraVolumes:
	- emptyDir:
	medium: ''
	mountPath: /nexus-data/etc/logback
	name: logback

	networking:
	# let the operator expose the Nexus server for you (the method will be the one that fits better for your cluster)
	expose: true
	1. install nexus operator https://github.com/m88i/nexus-operator
	2. Create scc to allow use uid 200
	oc create -f allow-nexus-userid-200-scc.yaml
	3. allow nexus3 serviceaccount use allow-nexus-userid-200 scc
	oc adm policy add-scc-to-user allow-nexus-userid-200 -z nexus3
	4. create nexus3 crd
	oc create -f Nexus3.yaml