[WIP] Add rclone support

charts/sonatype-nexus/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: sonatype-nexus
-version: 3.6.0
+version: 4.0.0
 appVersion: 3.27.0
 description: Sonatype Nexus is an open source repository manager
 keywords:
@@ -17,6 +17,7 @@ sources:
   - https://github.com/travelaudience/docker-nexus
   - https://github.com/travelaudience/kubernetes-nexus
   - https://github.com/travelaudience/docker-nexus-backup
+  - https://github.com/dbccompany/docker-nexus-backup
 maintainers:
   - name: rjkernick
     email: rjkernick@gmail.com

charts/sonatype-nexus/README.md

@@ -8,6 +8,7 @@ This chart bootstraps a Nexus OSS deployment on a cluster using Helm.
 This setup is best configured in [GCP](https://cloud.google.com/) since:
 
 - [google cloud storage](https://cloud.google.com/storage/) is used for backups
+- [NEW: Rclone](https://rclone.org/) it uses Rclone to create backups, basically compatible with all the major clouds.
 - [GCE Ingress controller](https://github.com/kubernetes/ingress/blob/master/docs/faq/gce.md) is used for using a pre-allocated static IP in GCE.
 
 There is also the option of using a [proxy for Nexus](https://github.com/travelaudience/nexus-proxy) that authenticates Nexus against an external identity provider (only GCP IAM at the moment) which is **disabled** by default.
@@ -133,10 +134,12 @@ The following table lists the configurable parameters of the Nexus chart and the
 | `persistence.annotations`                   | Persistent Volume annotations       | `{}`                                    |
 | `persistence.existingClaim`                 | Existing PVC name                   | `nil`                                   |
 | `nexusBackup.enabled`                       | Nexus backup process                | `false`                                 |
-| `nexusBackup.imageName`                     | Nexus backup image                  | `quay.io/travelaudience/docker-nexus-backup` |
-| `nexusBackup.imageTag`                      | Nexus backup image version          | `1.5.0`                                 |
+| `nexusBackup.imageName`                     | Nexus backup image                  | `dbcc/docker-nexus-backup` |
+| `nexusBackup.imageTag`                      | Nexus backup image version          | `0.0.1`                                 |
 | `nexusBackup.imagePullPolicy`               | Backup image pull policy            | `IfNotPresent`                          |
-| `nexusBackup.env.targetBucket`              | Required if `nexusBackup` is enabled. Google Cloud Storage bucker for backups format `gs://BACKUP_BUCKET`  | `nil`  |
+| `nexusBackup.env.rcloneRemote`              | Required if `nexusBackup` is enabled. Name of the Rclone remote as defined in the `rcloneConfig` entry. Example: `AWS`  | `nil`  |
+| `nexusBackup.env.targetBucket`              | Required if `nexusBackup` is enabled. Name of the target bucket or bucket/path. Example: `my_bucket` or `my_bucket/my_folder`  | `nil`  |
+| `nexusBackup.env.streamingUploadCutoff`     | Size of the data chunks to send to the Rclone remote, this value affects the maximum size of the backup file to upload.  | `"5000000"`  |
 | `nexusBackup.env.nexusAuthorization`        | If set, `nexusBackup.nexusAdminPassword` will be disregarded. | `nil`  |
 | `nexusBackup.env.offlineRepos`              | Space separated list of repositories must be taken down to achieve a consistent backup. | `"maven-central maven-public maven-releases maven-snapshots"`  |
 | `nexusBackup.env.gracePeriod`               | The amount of time in seconds to wait between stopping repositories and starting the upload. | `60`  |
@@ -148,6 +151,7 @@ The following table lists the configurable parameters of the Nexus chart and the
 | `nexusBackup.persistence.annotations`       | PV annotations for backup           | `{}`                                    |
 | `nexusBackup.persistence.existingClaim`     | Existing PVC name for backup        | `nil`                                   |
 | `nexusBackup.resources`                     | Backup resource requests and limits | `{}`                                    |
+| `nexusBackup.rcloneConfig.rclone.conf`                 | Rclone remote configuration, can be generated using the `rclone config` command, or using docker: `docker run -it --rm rclone/rclone config` | `[AWS]` <br> `type = s3` <br> `provider = AWS` <br> `env_auth = true` <br> `region = us-east-1` <br> `acl = authenticated-read` |
 | `nexusCloudiam.enabled`                       | Nexus Cloud IAM service account key path                | `false`                                 |
 | `nexusCloudiam.persistence.accessMode`        | ReadWriteOnce or ReadOnly           | `ReadWriteOnce`                         |
 | `nexusCloudiam.persistence.annotations`       | PV annotations for Cloud IAM service account key path | `{}`                                    |

charts/sonatype-nexus/templates/deployment-statefulset.yaml

@@ -225,6 +225,10 @@ spec:
               value: {{ .Values.nexusBackup.env.gracePeriod | quote }}
             - name: TRIGGER_FILE
               value: .backup
+            - name: RCLONE_REMOTE
+              value: {{ .Values.nexusBackup.env.rcloneRemote | quote }}
+            - name: STREAMING_UPLOAD_CUTOFF
+              value: {{ .Values.nexusBackup.env.streamingUploadCutoff | default "5000000" | quote }}
             {{- if .Values.nexusCloudiam.enabled }}
             - name: CLOUD_IAM_SERVICE_ACCOUNT_KEY_PATH
               value: /nexus-data/cloudiam/service-account-key.json
@@ -238,6 +242,8 @@ spec:
             - mountPath: /nexus-data/cloudiam
               name: {{ template "nexus.fullname" . }}-cloudiam
             {{- end }}
+            - mountPath: /root/.config/rclone
+              name: {{ template "nexus.fullname" . }}-rclone-config
         {{- end }}
         {{- if .Values.deployment.additionalContainers }}
 {{ toYaml .Values.deployment.additionalContainers | indent 8 }}
@@ -247,6 +253,11 @@ spec:
 {{ toYaml .Values.nexus.securityContext | indent 8 }}
       {{- end }}
       volumes:
+        {{- if .Values.nexusBackup.enabled }}
+        - name: {{ template "nexus.fullname" . }}-rclone-config
+          secret:
+            secretName: {{ template "nexus.name" . }}-rclone-config-secret
+        {{- end }}
         {{- if .Values.nexusProxy.env.cloudIamAuthEnabled }}
         - name: {{ template "nexus.proxy-ks.name" . }}
           secret:

charts/sonatype-nexus/templates/rclone-config-secret.yaml

@@ -0,0 +1,19 @@
+{{- if and .Values.nexusBackup.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "nexus.name" . }}-rclone-config-secret
+  namespace: {{ template "nexus.namespace" . }}
+  labels:
+{{ include "nexus.labels" . | indent 4 }}
+{{- if .Values.nexus.labels }}
+{{ toYaml .Values.nexus.labels | indent 4 }}
+{{- end }}
+data:
+{{- if .Values.nexusBackup.rcloneConfig }}
+{{- range $key, $val := .Values.nexusBackup.rcloneConfig }}
+  {{ $key }}: |-
+{{ $val | b64enc| indent 4}}
+{{- end }}
+{{- end -}}
+{{- end}}

charts/sonatype-nexus/values.yaml

@@ -151,12 +151,15 @@ persistence:
 
 nexusBackup:
   enabled: false
-  imageName: quay.io/travelaudience/docker-nexus-backup
-  imageTag: 1.5.0
+  imageName: dbcc/docker-nexus-backup
+  imageTag: 0.0.1
   imagePullPolicy: IfNotPresent
   env:
+    rcloneRemote:
     targetBucket:
     nexusAuthorization:
+    # Size of the data chunk to stream to the remote
+    streamingUploadCutoff: "5000000"
     offlineRepos: "maven-central maven-public maven-releases maven-snapshots"
     gracePeriod: 60
   # This should match the value of `initAdminPassword.password` if `initAdminPassword.enabled` is true
@@ -180,6 +183,14 @@ nexusBackup:
     # limits:
       # cpu: 200m
       # memory: 512Mi
+  rcloneConfig:
+    rclone.conf: |
+      [AWS]
+      type = s3
+      provider = AWS
+      env_auth = true
+      region = us-east-1
+      acl = authenticated-read
 
 nexusCloudiam:
   enabled: false
@@ -278,6 +289,9 @@ deployment:
   # # Uncomment and modify this to run a command after starting the nexus container.
   postStart:
     command:    # '["/bin/sh", "-c", "ls"]'
+    # # Enable nexus scripts settings, disabled by default for versions >= 3.21.2
+    # command:    '["/bin/sh", "-c", "if [[ -z $(grep ^nexus.scripts.allowCreation=true /nexus-data/etc/nexus.properties) ]];then echo nexus.scripts.allowCreation=true >> /nexus-data/etc/nexus.properties;fi"]'
+
   additionalContainers:
   additionalVolumes:
   additionalVolumeMounts: