Sonatype Nexus Registry
Introduction
Bunnyshell supports connecting Sonatype Nexus repositories to your organization, allowing you to use those registries to store your container images and deploy them on Kubernetes clusters.
Before you proceed, make sure you have administrator privileges on your Sonatype account.
Configure Sonatype Nexus Repository
You can use an already created repository or create a new one by going to Server administration and configuration in your Sonatype Account: https://my-sonatype-domain.com/#admin/repository/repositories
and create a docker type repository
Note
Make sure the repository can be accessed through HTTPS, as Docker requires it.
Depending on how you configured the HTTP(S) repository connectors and the eventually subdomain connectors, you may see the Bunnyshell built docker images stored in the Sonatype Nexus repository under
v2/repository/<repository-name>
folder. They work just fine from there too.
You will use the following info to connect to Bunnyshell:
- Sonatype domain
- Repository name
Configure access to Sonatype Nexus Repository
If you will be using admin credentials in Bunnyshell, then everything will work. But is a good idea to create a dedicated user and give it access only to a specific repository, which you will connect to Bunnyshell.
After you have created the repository you can:
- Create a Security Role from Server administration and configuration > Security > Roles. For example you can name it
<repository-name>-access
- Apply the following privileges on the role:
- nx-repository-view-docker--read - this will give also access for
docker login
- nx-repository-view-docker--edit - this will give access for
docker push
- nx-repository-view-docker--add - somehow this is required for Kaniko to push the images
- nx-repository-view-docker--delete - Bunnyshell currently doesn't do any cleanup in the connected image registries, but it may be a possible feature, so you can grant it if you want
- nx-repository-view-docker--read - this will give also access for
- OR apply just the nx-repository-view-docker--* privilege which grants all the above privileges.
- Apply the following privileges on the role:
- Create a User from Server administration and configuration > Security > Users, and grant it the above created Role.
Connect your Sonatype Nexus repository
In the Bunnyshell interface
- In the sidebar click Integrations and select Container Registries
- Click the Connect container registry button and select Sonatype Nexus
- A new window will pop-up, where you will have to provide the following information
- Name: pick a name for your repository when you connect it to Bunnyshell
- Sonatype Server: the domain where you host the Sonatype Nexus repository
- Repository Name: the
<repository-name>
from Sonatype - Sonatype Username: the username from Sonatype
- Sonatype Password: the password of the above user
Updated 4 months ago