{"id":30196721,"url":"https://github.com/m88i/nexus-operator","last_synced_at":"2025-08-13T05:29:25.296Z","repository":{"id":43838236,"uuid":"206983189","full_name":"m88i/nexus-operator","owner":"m88i","description":"Sonatype Nexus OSS Kubernetes Operator based on Operator SDK","archived":false,"fork":false,"pushed_at":"2022-01-05T16:02:02.000Z","size":1060,"stargazers_count":49,"open_issues_count":27,"forks_count":15,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-06-20T08:06:11.882Z","etag":null,"topics":["cicd","coreos","hacktoberfest","kubernetes","nexus","nexus-operator","nexus-repository","nexus-repository-manager","nexus-repository-oss","nexus-server","nexus3","openshift","operators","operators-sdk"],"latest_commit_sha":null,"homepage":"http://operatorhub.io/operator/nexus-operator-m88i","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m88i.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-09-07T14:56:07.000Z","updated_at":"2024-06-01T01:05:52.000Z","dependencies_parsed_at":"2022-07-16T01:30:36.268Z","dependency_job_id":null,"html_url":"https://github.com/m88i/nexus-operator","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/m88i/nexus-operator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m88i%2Fnexus-operator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m88i%2Fnexus-operator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m88i%2Fnexus-operator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m88i%2Fnexus-operator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/m88i","download_url":"https://codeload.github.com/m88i/nexus-operator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m88i%2Fnexus-operator/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270184622,"owners_count":24541564,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-13T02:00:09.904Z","response_time":66,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cicd","coreos","hacktoberfest","kubernetes","nexus","nexus-operator","nexus-repository","nexus-repository-manager","nexus-repository-oss","nexus-server","nexus3","openshift","operators","operators-sdk"],"created_at":"2025-08-13T05:29:23.054Z","updated_at":"2025-08-13T05:29:25.267Z","avatar_url":"https://github.com/m88i.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Nexus Operator Integration Checks](https://github.com/m88i/nexus-operator/workflows/Nexus%20Operator%20Integration%20Checks/badge.svg)\n[![Go Report Card](https://goreportcard.com/badge/github.com/m88i/nexus-operator)](https://goreportcard.com/report/github.com/m88i/nexus-operator)\n![GitHub release (latest by date)](https://img.shields.io/github/v/release/m88i/nexus-operator?label=latest)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n![GitHub go.mod Go version](https://img.shields.io/github/go-mod/go-version/m88i/nexus-operator)\n\nTable of Contents\n=================\n\n\u003c!--ts--\u003e\n   * [Table of Contents](#table-of-contents)\n   * [Nexus Operator](#nexus-operator)\n      * [Pre Requisites](#pre-requisites)\n      * [Quick Install](#quick-install)\n         * [Openshift](#openshift)\n         * [Clean up](#clean-up)\n      * [Automatic Updates](#automatic-updates)\n         * [Successful Updates](#successful-updates)\n         * [Failed Updates](#failed-updates)\n      * [Custom Configuration](#custom-configuration)\n      * [Networking](#networking)\n         * [Use NodePort](#use-nodeport)\n         * [Network on OpenShift](#network-on-openshift)\n         * [Network on Kubernetes 1.14 ](#network-on-kubernetes-114)\n            * [NGINX Ingress troubleshooting](#nginx-ingress-troubleshooting)\n         * [Ignoring external changes to Ingress/Route resources](#ignoring-external-changes-to-ingressroute-resources)\n         * [TLS/SSL](#tlsssl)\n         * [Annotations and Labels](#annotations-and-labels)\n      * [Persistence](#persistence)\n         * [Extra volumes](#extra-volumes)\n         * [Minikube](#minikube)\n      * [Service Account](#service-account)\n      * [Control Random Admin Password Generation](#control-random-admin-password-generation)\n      * [Red Hat Certified Images](#red-hat-certified-images)\n      * [Image Pull Policy](#image-pull-policy)\n      * [Repositories Auto Creation](#repositories-auto-creation)\n      * [Scaling](#scaling)\n      * [Contributing](#contributing)\n\n\n\u003c!--te--\u003e\n\n\n# Nexus Operator\n\nA Nexus OSS Kubernetes Operator based on the [Operator SDK](https://github.com/operator-framework/operator-sdk).\n\nYou can find us at [OperatorHub](https://operatorhub.io/operator/nexus-operator-m88i) or at the [\"Operators\" tab in your OpenShift 4.x web console](https://docs.openshift.com/container-platform/4.4/operators/olm-adding-operators-to-cluster.html), just search for \"Nexus\". If you don't have access to [OLM](https://github.com/operator-framework/operator-lifecycle-manager), try installing it manually [following our quick installation guide](#quick-install).\n\nIf you have any questions please either [open an issue](https://github.com/m88i/nexus-operator/issues) or send an email to the mailing list: [nexus-operator@googlegroups.com](mailto:nexus-operator@googlegroups.com).\n\n## Pre Requisites\n\n- [`kubectl` installed](https://kubernetes.io/docs/tasks/tools/install-kubectl/)\n- Kubernetes (1.16+) or OpenShift (4.5+) cluster available (minikube or crc also supported)\n- Cluster admin credentials to install the Operator\n\n\u003e Note: since version 0.6.0 we do not support OpenShift 3.11 or Kubernetes 1.11 anymore.\n\u003e If you need to install in these clusters, please use version [0.5.0](https://github.com/m88i/nexus-operator/releases/tag/v0.5.0) instead.\n\n## Quick Install\n\nThe installation procedure will create a Namespace named `nexus-operator-system` and will install every resources needed for the operator to run:\n\n```bash\n# requires python and kubectl\nbash \u003c(curl -s https://github.com/m88i/nexus-operator/blob/main/hack/install.sh)\n```\n\nAlternatively, you can manually elect a [released version](https://github.com/m88i/nexus-operator/releases):\n\n```bash\nVERSION=\u003cversion from GitHub releases page\u003e\n\nkubectl apply -f https://github.com/m88i/nexus-operator/releases/download/${VERSION}/nexus-operator.yaml\n```\n\nYou can choose any flavors of Nexus 3.x server from our [`examples`](examples) directory and apply the YAML in any namespace in your cluster.\nUse these examples as a starting point to customize the server to meet your requirements.\n\n### Openshift\n\nIf you're running the Operator on Openshift (4.5+) and **you're not using Red Hat image with persistence enabled**, that's anything other than `spec.useRedHatImage: true` and `spec.persistence.persistent: true`,\nit's also necessary to configure a [Security Context Constraints](https://docs.openshift.com/container-platform/3.11/admin_guide/manage_scc.html) (SCC) resource.\n\nThis is necessary because the Nexus image requires its container to be ran as UID 200. \nThe use of the `restricted` default SCC in Openshift results in a failure when starting the pods, as seen in [Issue #41](https://github.com/m88i/nexus-operator/issues/41) and [Issue #51](https://github.com/m88i/nexus-operator/issues/51) (see this issue for more details on why can't the Operator handle this for you as things are now).\n\nValid SCC resources can be found at the `examples/` directory. You must associate the SCC with the `ServiceAccount` in use.\n\nFor persistent configurations:\n\n```\n$ oc apply -f examples/scc-persistent.yaml\n```\n\nFor volatile configurations:\n\n```\n$ oc apply -f examples/scc-volatile.yaml\n```\n\n\u003e **Note**: you must choose one or the other, applying both will result in using the one applied last.\n\u003e **Note**: These have changed with the introduction of Nexus Operator version 0.6.0 to include `configMap` volumes.\n\nOnce the SCC has been created, run:\n\n```\n$ oc adm policy add-scc-to-user allow-nexus-userid-200 -z \u003cServiceAccountName\u003e\n```\n\nThis command will bind the SCC we just created with the `ServiceAccount` being used to create the Pods.\n\nIf you're [using a custom ServiceAccount](#service-account), replace \"`\u003cServiceAccountName\u003e`\" with the name of that account. \nIf you're not using a custom `ServiceAccount`, the operator has created a default one which has the same name as your Nexus CR, replace \"`\u003cServiceAccountName\u003e`\" with that.\n\n### Clean up\n\nConsidering that you ran the install command above, to remove the operator completely from your cluster, just run:\n\n```bash\nmake uninstall\n```\n\n## Automatic Updates\n\nThe Nexus Operator is capable of conducting automatic updates within a minor (the `y` in `x.y.z`) when using the community default image (`docker.io/sonatype/nexus3`). In the future Red Hat images will also be supported by this feature.\n\u003e **Note**: custom images will not be supported as there is no guarantee that they follow [semantic versioning](https://semver.org/) and as such, updates within the same minor may be disruptive.\n\nTwo fields within the Nexus CR control this behavior:\n\n  - `spec.automaticUpdate.disabled` (*boolean*): Whether the Operator should perform automatic updates. Defaults to `false` (auto updates are enabled). Is set to `false` if `spec.image` is not empty and is different from the default community image.\n  - `spec.automaticUpdate.minorVersion` (*integer*): The Nexus image minor version the deployment should stay in. If left blank and automatic updates are enabled the latest minor is set.\n\n\u003e **Note**: if you wish to set a specific tag when using the default community image you must first disable automatic updates.\n\n\u003e **Important**: a change of minors will *not* be monitored or acted upon as an automatic update. Changing the minor is a manual process initiated by the human operator and as such must be monitored by the human operator.\n \nThe state of ongoing updates is written to `status.updateConditions`, which can be easily accessed with `kubectl`:\n\n```\n$ kubectl describe nexus\n# (output omitted)\n  Update Conditions:\n    Starting automatic update from 3.26.0 to 3.26.1\n    Successfully updated from 3.26.0 to 3.26.1\nEvents:\n  Type    Reason         Age   From    Message\n  ----    ------         ----  ----    -------\n  Normal  UpdateSuccess  59s   nexus3  Successfully updated to 3.26.1\n```\n\n\u003e **Note**: do *not* modify these conditions manually, the Operator reconstructs the update state from these.\n\n### Successful Updates\n\nOnce an update finishes successfully, an [Event](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#event-v1-core) is raised. You may view the events from a particular Nexus CR by describing it:\n\n```\n$ kubectl describe \u003cNexus CR\u003e\n```\n\nOr you may query all events:\n\n```\n$ kubectl get events\n```\n\nA successful update event looks like:\n\n```yaml\napiVersion: v1\ncount: 1\neventTime: null\nfirstTimestamp: \"2020-08-26T13:56:16Z\"\ninvolvedObject:\n  apiVersion: apps.m88i.io/v1alpha1\n  kind: Nexus\n  name: nexus3\n  namespace: update\n  resourceVersion: \"66087\"\n  uid: f017e60f-21b5-4b14-b67c-341e029afae3\nkind: Event\nlastTimestamp: \"2020-08-26T13:56:16Z\"\nmessage: Successfully updated to 3.26.1\n# (output omitted)\nreason: UpdateSuccess\nreportingComponent: \"\"\nreportingInstance: \"\"\nsource:\n  component: nexus3\ntype: Normal\n```\n\n```\n$ kubectl get events         \nLAST SEEN   TYPE      REASON              OBJECT                         MESSAGE\n12m         Normal    UpdateSuccess       nexus/nexus3                   Successfully updated to 3.26.1\n# (output omitted)\n```\n\n### Failed Updates\n\nWhen an update fails, since the Deployments produced by the Operator use a [Rolling Deployment Strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) there is no disruption and the previous version is still available. \nThe Operator will then:\n \n   1. disable automatic updates\n   2. set `spec.image` to the version that was set before the update began\n   3. raise a failure event\n\nA failed update event looks like:\n\n```yaml\napiVersion: v1\ncount: 1\neventTime: null\nfirstTimestamp: \"2020-08-21T18:29:11Z\"\ninvolvedObject:\n  apiVersion: apps.m88i.io/v1alpha1\n  kind: Nexus\n  name: nexus3\n  namespace: update\n  resourceVersion: \"51602\"\n  uid: 2e9ef49a-7d37-4c96-bfae-0642a9487c95\nkind: Event\nlastTimestamp: \"2020-08-21T18:29:11Z\"\nmessage: Failed to update to 3.26.1. Human intervention may be required\n# (output omitted)\nreason: UpdateFailed\nreportingComponent: \"\"\nreportingInstance: \"\"\nsource:\n  component: nexus3\ntype: Warning\n```\n\n```\n$ kubectl get events         \n  LAST SEEN   TYPE      REASON              OBJECT                         MESSAGE\n  9m45s       Warning   UpdateFailed        nexus/nexus3                   Failed to update to 3.26.1. Human intervention may be required\n# (output omitted)\n```\n## Custom Configuration\n\nStarting on version 0.6.0, the operator now mounts a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) with\nthe contents of the [`nexus.properties`](https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment) file\nin the path `$NEXUS_DATA/etc/nexus.properties`.\n\nThe Nexus Operator mount this file with the contents of the field `Spec.Properties` using [the Java properties format](https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html#load-java.io.Reader-). \nIf you change this field, the operator will deploy a new pod _immediately_ to reflect the changes applied in the `ConfigMap`.\n\n**Don't update** the managed `ConfigMap` directly, otherwise the operator will replace its contents with `Spec.Properties` field.\nAlways use the Nexus CR as the only source of truth. See this [example](examples/nexus3-centos-no-volume-custom-properties.yaml) to\nlearn how to properly set your properties directly in the CR.\n\n\u003e **Beware!** Since we don't support HA yet, the server will be unavailable until the next pod comes up. Try to update the configuration only \n\u003e when you can afford to have the server unavailable.\n\n## Networking\n\nThere are three flavours for exposing the Nexus server deployed with the Nexus Operator: `NodePort`, `Route` (for OpenShift) and `Ingress` (for Kubernetes).\n\n### Use NodePort\n\nYou can expose the Nexus server via [`NodePort`](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) by setting the following parameters in the CR:\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  (...)\n  networking:\n    expose: true\n    exposeAs: \"NodePort\"\n    nodePort: 31031\n```\n\nIt's not the recommended approach, but fits whatever Kubernetes flavour you have.\n\n### Network on OpenShift\n\nOn OpenShift, the Nexus server can be exposed via [Routes](https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html).\nSet the following parameters in the CR:\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  (...)\n  networking:\n    expose: true\n```\n\n### Network on Kubernetes 1.14+\n\nOn Kubernetes, we leverage from an [`Ingress`](https://kubernetes.io/docs/concepts/services-networking/ingress/) to expose the Nexus service:\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  (...)\n  networking:\n    expose: true\n    exposeAs: \"Ingress\"\n    host: \"nexus.example.com\"\n```\n\nPlease note that `host` is a required parameter when exposing via `Ingress`.\nJust make sure that that the host resolves to your cluster.\n\nIf you're running on Minikube, take a look in the article [\"Set up Ingress on Minikube with the NGINX Ingress Controller\"](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/)\n\n#### NGINX Ingress troubleshooting\n\nIf you've deployed the [NGINX Ingress controller](https://kubernetes.io/docs/tasks/access-application-cluster/ingress-minikube/), you might see [`413 ERROR - Entity too large`](https://github.com/kubernetes/ingress-nginx/issues/4825) in uploading the artifacts to the Nexus server.\n \nYou would need to enter the maximum size allowed for the data packet in the `configMap` for the controller.\n\nIf you've deployed the Ingress controller in Minikube it'll be available in the `kube-system` namespace\n\n```\n$ kubectl get deploy -n kube-system\n                                                              \nNAME                       READY   UP-TO-DATE   AVAILABLE   AGE\ncoredns                    1/1     1            1           47h\ningress-nginx-controller   1/1     1            1           47h\n``` \nFor checking out the name of the `configMap` you can run:\n\n```shell-script\n$ kubectl get deploy/ingress-nginx-controller -o yaml -n kube-system | grep \"\\--configmap\" \n\n- --configmap=$(POD_NAMESPACE)/nginx-load-balancer-conf\n```\n\nNow you would need to edit the config map:\n\n`$ kubectl edit configmaps nginx-load-balancer-conf -n kube-system `\n\nIn the root of the opened yaml file add:\n\n```yaml\ndata:\n  proxy-body-size: 10m\n```\n\n**Note**: If you want to have no limit for the data packet you can specify the `proxy-body-size: 0m`\n\n### Ignoring external changes to Ingress/Route resources\n\nRoute and Ingress resources are highly configurable, and often the need to change them arises. For example, further\nconfiguration can be performed by webhooks, but these changes get undone by the Operator as soon as it detects them.\n\nStarting at version 0.6.0 you may specify that the Operator should ignore external changes made to Ingress and Route\nresources. This is controlled by the `spec.networking.ignoreUpdates` boolean field in the Nexus resource. It defaults to\n`false`, meaning the Operator will change the Ingress/Route specification to match its state as defined by this\nresource. Set to `true` in order to prevent the Operator from undoing external changes in the resources' configuration.\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  networking:\n    ignoreUpdates: true\n```\n\n### TLS/SSL\n\nFor details about TLS configuration check out\nour [TLS guide](https://github.com/m88i/nexus-operator/tree/main/docs/TLS.md).\n\n### Annotations and Labels\n\nYou may provide custom labels and annotations to Route/Ingress resources by setting them\non  `.spec.networking.annotations` and `.spec.networking.labels`. For example:\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  networking:\n    annotations:\n      my-cool-annotation: \"even-cooler-value\"\n      my-other-cool-annotation: \"not-as-cool-value\"\n    labels:\n      my-cool-label: \"even-cooler-value\"\n```\n\n## Persistence\n\n### Extra volumes\n\nStarting at version 0.6.0 you may specify extra volumes to be mounted at the pod running Nexus, which comes in handy for\nmigrating existing blob stores, for example. These volumes are controlled by the `spec.persistence.extraVolumes` field.\n\nFor example, if you wanted to mount an AWS EBS volume, some PVC of yours and an EmptyDir volume:\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  persistence:\n    extraVolumes:\n      - name: \"my-cool-ebs-vol\"\n        mountPath: \"/path/for/AWS-EBS/\"\n        # This AWS EBS volume must already exist.\n        awsElasticBlockStore:\n          volumeID: \"\u003cvolume id\u003e\"\n          fsType: ext4\n      - name: \"my-cool-claim-vol\"\n        mountPath: \"/path/for/persistent-vol-claim/\"\n        # This PVC must exist on the same namespace\n        persistentVolumeClaim:\n          claimName: \"my-cool-claim\"\n      - name: \"my-cool-empty-dir-vol\"\n        mountPath: \"/path/for/emptyDir/\"\n        emptyDir: { }\n```\n\nEach item of this `extraVolumes` array provides:\n\n- `mountPath`: a string representing the path at which this volume should be mounted\n- a Kubernetes `Volume` specification\n\nFor more information about Kubernetes Volumes refer to\ntheir [documentation](https://kubernetes.io/docs/concepts/storage/volumes/)\nand each specific plugin documentation. For additional details about Persistent Volumes and using Claims as volumes\nrefer to the [documentation](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes).\n\n\u003e **Important**: updating the `spec.persistence.extraVolumes` field may lead to temporary unavailability while the new\n\u003e deployment with the new volume configuration rolls out.\n\n### Minikube\n\nOn Minikube the dynamic PV [creation might fail](https://github.com/kubernetes/minikube/issues/7218). If this happens in\nyour environment, **before creating the Nexus server**, create a PV with this\ntemplate: [examples/pv-minikube.yaml](examples/pv-minikube.yaml). Then give the correct permissions to the directory in\nMinikube VM:\n\n```sh\n$ minikube ssh\n                         _             _            \n            _         _ ( )           ( )           \n  ___ ___  (_)  ___  (_)| |/')  _   _ | |_      __  \n/' _ ` _ `\\| |/' _ `\\| || , \u003c  ( ) ( )| '_`\\  /'__`\\\n| ( ) ( ) || || ( ) || || |\\`\\ | (_) || |_) )(  ___/\n(_) (_) (_)(_)(_) (_)(_)(_) (_)`\\___/'(_,__/'`\\____)\n\n$ sudo chown 200:200 -R /data/pv0001/\n\n$ ls -la /data/\ntotal 8\ndrwxr-xr-x  3 root root 4096 Apr 26 15:42 .\ndrwxr-xr-x 19 root root  500 Apr 26 20:47 ..\ndrwxr-xr-x  2  200  200 4096 Apr 26 15:42 pv0001\n```\n\n## Service Account\n\nIt is possible to use a custom [`ServiceAccount`](https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/) to perform your Deployments with the Nexus Operator via:\n\n  - `spec.serviceAccountName` (*string*): ServiceAccountName is the name of the ServiceAccount used to run the Pods. If left blank, a default ServiceAccount is created with the same name as the Nexus CR.\n\n**Important**: the Operator handles the creation of default resources necessary to run. If you choose to use a custom ServiceAccount be sure to also configure [`Role`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole) and [`RoleBinding`](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#rolebinding-and-clusterrolebinding) resources.\n\n## Control Random Admin Password Generation\n\nBy default, from version 0.3.0 the Nexus Operator **does not** generate a random password for the `admin` user. This means that you can login in the server right away with the default administrator credentials (admin/admin123). **Comes in handy for development purposes, but consider changing this password right away on production environments**.\n\nTo enable random password generation, you can set the attribute `generateRandomAdminPassword` in the Nexus CR spec to `true`. Then the Nexus service will create a random password in the file system. You have to grab the password from a file inside the Nexus Server container in order to login in the web console:\n\n```\n$ kubectl exec \u003cnexus server pod name\u003e -- cat /nexus-data/admin.password\n```\n\nUse this password to login into the web console with the username `admin`. \n\n## Red Hat Certified Images\n\nIf you have access to [Red Hat Catalog](https://access.redhat.com/containers/#/registry.connect.redhat.com/sonatype/nexus-repository-manager), you might change the flag `spec.useRedHatImage` to `true`.\n**You'll have to set your Red Hat credentials** in the namespace where Nexus is deployed to be able to pull the image.\n\n[In future versions](https://github.com/m88i/nexus-operator/issues/14) the Operator will handle this step for you.\n\n## Image Pull Policy\n\nYou can control the pods Image Pull Policy using the `spec.imagePullPolicy` field. It accepts either of the following values:\n\n  - `Always`\n  - `IfNotPresent`\n  - `Never` \n\nIf this field is set to an invalid value this configuration will be omitted, deferring to [Kubernetes default behavior](https://kubernetes.io/docs/concepts/containers/images/#updating-images), which is `Always` if the image's tag is \"latest\" and `IfNotPresent` otherwise.\n\nLeaving this field blank will also result in deferring to Kubernetes default behavior.\n\n## Repositories Auto Creation\n\nFrom 0.3.0 version, the Operator will try to create an administrator user to be used on internal operations, such as creating community Maven repositories.\n\nThe default Nexus user `admin` is used to create the `nexus-operator` user, whose credentials are then stored in a secret with the same name as the Nexus CR.\n\nIt's possible to disable the operator user creation by setting `spec.serverOperatons.disableOperatorUserCreation` to `true`. In this case, the `admin` user will be used instead. This configuration is **not recommended**, since you can track all the operations, change the operator user permissions and enable or disable it if you need. By disabling the operator user creation, the Operator will use the default `admin` credentials to perform all server operations, which will fail if you change the default credentials (something that must be done when aiming for a secure environment).\n\nThe Operator also will create three Maven repositories by default:\n\n1. [Apache](https://repo.maven.apache.org/maven2/)\n2. [JBoss](https://repo.maven.apache.org/maven2/)\n3. [Red Hat](https://maven.repository.redhat.com/ga/)\n\nAll of these repositories will be also added to the `maven-public` group. This group will gather the vast majority of jars needed by the most common use cases out there. If you won't need them, just disable this behavior by setting the attribute `spec.serverOperatons.disableRepositoryCreation` to `true` in the Nexus CR. \n\nAll of these operations are disabled if the attribute `spec.generateRandomAdminPassword` is set to `true`, since default credentials are needed to create the `nexus-operator` user. You can safely change the default credentials after this user has been created.\n\n## Scaling\n\nFor now, the Nexus Operator won't accept a number higher than `1` to the `spec.replicas` attribute.\nThis is because the Nexus server can't share its mounted persistent volume with other pods. See #191 for more details.\n\nHorizontal scaling will only work once we add [HA support](https://help.sonatype.com/repomanager3/high-availability) to the operator (see #61). \nIf you need to scale the server, you should take the vertical approach and increase the numbers of resource limits used\nby the Nexus server. For example:\n\n```yaml\napiVersion: apps.m88i.io/v1alpha1\nkind: Nexus\nmetadata:\n  name: nexus3\nspec:\n  replicas: 1\n  # Set the resources requests and limits for Nexus pods. See: https://help.sonatype.com/repomanager3/system-requirements\n  resources:\n    limits:\n      cpu: \"4\"\n      memory: \"8Gi\"\n    requests:\n      cpu: \"1\"\n      memory: \"2Gi\"\n  persistence:\n    persistent: true\n    volumeSize: 10Gi\n```\n\nWe are working to support HA in the future.\n\n## Contributing\n\nPlease read our [Contribution Guide](CONTRIBUTING.md).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm88i%2Fnexus-operator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm88i%2Fnexus-operator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm88i%2Fnexus-operator/lists"}