m88i
diff --git a/‎.github/workflows/nexus-operator-integration-checks.yaml
+1-1 b/‎.github/workflows/nexus-operator-integration-checks.yaml
+1-1
diff --git a/‎Dockerfile
+4-1 b/‎Dockerfile
+4-1
diff --git a/‎Makefile
-2 b/‎Makefile
-2
diff --git a/‎README.md
+17-1 b/‎README.md
+17-1
diff --git a/‎RELEASE_NOTES.md
+1 b/‎RELEASE_NOTES.md
+1
diff --git a/‎api/v1alpha1/nexus_types.go
+6 b/‎api/v1alpha1/nexus_types.go
+6
diff --git a/‎api/v1alpha1/zz_generated.deepcopy.go
+7 b/‎api/v1alpha1/zz_generated.deepcopy.go
+7
diff --git a/‎api/v1alpha1/zz_generated.openapi.go
+15 b/‎api/v1alpha1/zz_generated.openapi.go
+15
diff --git a/‎bundle.Dockerfile
+1-1 b/‎bundle.Dockerfile
+1-1
diff --git a/‎bundle/manifests/apps.m88i.io_nexus.yaml
+8-3 b/‎bundle/manifests/apps.m88i.io_nexus.yaml
+8-3
diff --git a/‎bundle/manifests/nexus-operator.clusterserviceversion.yaml
+12-7 b/‎bundle/manifests/nexus-operator.clusterserviceversion.yaml
+12-7
diff --git a/‎bundle/metadata/annotations.yaml
+1-1 b/‎bundle/metadata/annotations.yaml
+1-1
diff --git a/‎config/crd/bases/apps.m88i.io_nexus.yaml
+8 b/‎config/crd/bases/apps.m88i.io_nexus.yaml
+8
diff --git a/‎config/manifests/bases/nexus-operator.clusterserviceversion.yaml
+6-6 b/‎config/manifests/bases/nexus-operator.clusterserviceversion.yaml
+6-6
diff --git a/‎config/rbac/role.yaml
+5 b/‎config/rbac/role.yaml
+5
diff --git a/‎controllers/nexus/resource/deployment/configmap.go
+35 b/‎controllers/nexus/resource/deployment/configmap.go
+35
diff --git a/‎controllers/nexus/resource/deployment/deployment.go
+35-1 b/‎controllers/nexus/resource/deployment/deployment.go
+35-1
diff --git a/‎controllers/nexus/resource/deployment/deployment_test.go
+7-6 b/‎controllers/nexus/resource/deployment/deployment_test.go
+7-6
@@ -12,7 +12,7 @@ on:
     branches:
       - main
 env:
-  OPERATOR_SDK_VERSION: v1.2.0
+  OPERATOR_SDK_VERSION: v1.4.2
   GO_VERSION: 1.15
 jobs:
   golint:
 
@@ -1,5 +1,6 @@
 # Build the manager binary
-FROM golang:1.15 as builder
+# See Red Hat catalog: https://catalog.redhat.com/software/containers/ubi8/go-toolset/5ce8713aac3db925c03774d1?container-tabs=overview
+FROM registry.access.redhat.com/ubi8/go-toolset:1.15.14 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
@@ -15,12 +16,14 @@ COPY api/ api/
 COPY controllers/ controllers/
 COPY pkg/ pkg/
 
+USER root
 # Build
 RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager main.go
 
 FROM registry.access.redhat.com/ubi8/ubi-minimal:latest
 WORKDIR /
 COPY --from=builder /workspace/manager .
+RUN chown -R 1001 manager
 USER 1001
 
 ENTRYPOINT ["/manager"]
@@ -39,8 +39,6 @@ K8S_VERSION=1.19.0
 test: generate-installer fmt vet bundle
 	mkdir -p ${ENVTEST_ASSETS_DIR}
 	test -f ${ENVTEST_ASSETS_DIR}/setup-envtest.sh || curl -sSLo ${ENVTEST_ASSETS_DIR}/setup-envtest.sh https://raw.githubusercontent.com/kubernetes-sigs/controller-runtime/v0.6.3/hack/setup-envtest.sh # this is a workaround while we don't upgrade the sdk
-	#sed -i "s,#\!.*,#\!\/bin\/bash,g" ${ENVTEST_ASSETS_DIR}/setup-envtest.sh
-	#sed -i "/pipefail/d" ${ENVTEST_ASSETS_DIR}/setup-envtest.sh
 	source ${ENVTEST_ASSETS_DIR}/setup-envtest.sh; ENVTEST_K8S_VERSION=$(K8S_VERSION) fetch_envtest_tools $(ENVTEST_ASSETS_DIR); setup_envtest_env $(ENVTEST_ASSETS_DIR); go test ./... -coverprofile cover.out
 
 generate-installer: generate manifests kustomize
 
@@ -17,10 +17,11 @@ Table of Contents
       * [Automatic Updates](#automatic-updates)
          * [Successful Updates](#successful-updates)
          * [Failed Updates](#failed-updates)
+      * [Custom Configuration](#custom-configuration)
       * [Networking](#networking)
          * [Use NodePort](#use-nodeport)
          * [Network on OpenShift](#network-on-openshift)
-         * [Network on Kubernetes 1.14+](#network-on-kubernetes-114)
+         * [Network on Kubernetes 1.14 ](#network-on-kubernetes-114)
             * [NGINX Ingress troubleshooting](#nginx-ingress-troubleshooting)
          * [Ignoring external changes to Ingress/Route resources](#ignoring-external-changes-to-ingressroute-resources)
          * [TLS/SSL](#tlsssl)
@@ -235,6 +236,21 @@ $ kubectl get events
   9m45s       Warning   UpdateFailed        nexus/nexus3                   Failed to update to 3.26.1. Human intervention may be required
 # (output omitted)
 ```
+## Custom Configuration
+
+Starting on version 0.6.0, the operator now mounts a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) with
+the contents of the [`nexus.properties`](https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment) file
+in the path `$NEXUS_DATA/etc/nexus.properties`.
+
+The Nexus Operator mount this file with the contents of the field `Spec.Properties` using [the Java properties format](https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html#load-java.io.Reader-). 
+If you change this field, the operator will deploy a new pod _immediately_ to reflect the changes applied in the `ConfigMap`.
+
+**Don't update** the managed `ConfigMap` directly, otherwise the operator will replace its contents with `Spec.Properties` field.
+Always use the Nexus CR as the only source of truth. See this [example](examples/nexus3-centos-no-volume-custom-properties.yaml) to
+learn how to properly set your properties directly in the CR.
+
+> **Beware!** Since we don't support HA yet, the server will be unavailable until the next pod comes up. Try to update the configuration only 
+> when you can afford to have the server unavailable.
 
 ## Networking
 
 
@@ -5,5 +5,6 @@
 - \#205 - Provide a way to specify user-defined ingress annotations
 - \#200 - OpenShift: Allow to configure "host" in the "route" manifest
 - \#201 - Provide a way to specify a separate PVC for the blob store
+- \#204 - Feature request: allow setting settings in nexus.properties (feature flags, etc)
 
 ### Bug Fixes
@@ -109,6 +109,12 @@ type NexusSpec struct {
 	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
 	// +optional
 	ServerOperations ServerOperationsOpts `json:"serverOperations,omitempty"`
+
+	// Properties describes the configuration properties in the Java properties format that will be included in the nexus.properties file mounted with the Nexus server deployment.
+	// For example: nexus.conan.hosted.enabled: true
+	// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
+	// +optional
+	Properties map[string]string `json:"properties,omitempty"`
 }
 
 // NexusPersistence is the structure for the data persistent
 
@@ -5,7 +5,7 @@ LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=nexus-operator
 LABEL operators.operatorframework.io.bundle.channels.v1=alpha
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.2.0
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.4.2
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v2
 LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/
 
@@ -118,9 +118,9 @@ spec:
                 exposeAs:
                   description: 'Type of networking exposure: NodePort, Route or Ingress. Defaults to Route on OpenShift and Ingress on Kubernetes. Routes are only available on Openshift and Ingresses are only available on Kubernetes.'
                   enum:
-                    - NodePort
-                    - Route
-                    - Ingress
+                  - NodePort
+                  - Route
+                  - Ingress
                   type: string
                 host:
                   description: Host where the Nexus service is exposed. This attribute is required if the service is exposed via Ingress.
@@ -1074,6 +1074,11 @@ spec:
               required:
               - persistent
               type: object
+            properties:
+              additionalProperties:
+                type: string
+              description: 'Properties describes the configuration properties in the Java properties format that will be included in the nexus.properties file mounted with the Nexus server deployment. For example: nexus.conan.hosted.enabled: true'
+              type: object
             readinessProbe:
               description: ReadinessProbe describes how the Nexus container readiness probe should work
               properties:
 
@@ -38,7 +38,7 @@ metadata:
     containerImage: quay.io/m88i/nexus-operator:0.6.0
     createdAt: "2019-11-16T13:12:22Z"
     description: Nexus Operator to deploy and manage Nexus 3.x servers
-    operators.operatorframework.io/builder: operator-sdk-v1.2.0
+    operators.operatorframework.io/builder: operator-sdk-v1.4.2
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v2
     repository: https://github.com/m88i/nexus-operator
     support: m88i Labs
@@ -133,7 +133,12 @@ spec:
           - configmaps
           verbs:
           - create
+          - delete
           - get
+          - list
+          - patch
+          - update
+          - watch
         - apiGroups:
           - ""
           resources:
@@ -296,13 +301,13 @@ spec:
   labels:
     name: nexus-operator
   links:
-    - name: Documentation
-      url: https://github.com/m88i/nexus-operator/blob/main/README.md
-    - name: Nexus Operator source code repository
-      url: https://github.com/m88i/nexus-operator
+  - name: Documentation
+    url: https://github.com/m88i/nexus-operator/blob/main/README.md
+  - name: Nexus Operator source code repository
+    url: https://github.com/m88i/nexus-operator
   maintainers:
-    - email: [email protected]
-      name: m88i Labs
+  - email: [email protected]
+    name: m88i Labs
   maturity: alpha
   provider:
     name: m88i Labs
 
@@ -4,7 +4,7 @@ annotations:
   operators.operatorframework.io.bundle.mediatype.v1: registry+v1
   operators.operatorframework.io.bundle.metadata.v1: metadata/
   operators.operatorframework.io.bundle.package.v1: nexus-operator
-  operators.operatorframework.io.metrics.builder: operator-sdk-v1.2.0
+  operators.operatorframework.io.metrics.builder: operator-sdk-v1.4.2
   operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
   operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v2
   operators.operatorframework.io.test.config.v1: tests/scorecard/
 
@@ -1686,6 +1686,14 @@ spec:
               required:
               - persistent
               type: object
+            properties:
+              additionalProperties:
+                type: string
+              description: 'Properties describes the configuration properties in the
+                Java properties format that will be included in the nexus.properties
+                file mounted with the Nexus server deployment. For example: nexus.conan.hosted.enabled:
+                true'
+              type: object
             readinessProbe:
               description: ReadinessProbe describes how the Nexus container readiness
                 probe should work
 
@@ -291,13 +291,13 @@ spec:
   labels:
     name: nexus-operator
   links:
-    - name: Documentation
-      url: https://github.com/m88i/nexus-operator/blob/main/README.md
-    - name: Nexus Operator source code repository
-      url: https://github.com/m88i/nexus-operator
+  - name: Documentation
+    url: https://github.com/m88i/nexus-operator/blob/main/README.md
+  - name: Nexus Operator source code repository
+    url: https://github.com/m88i/nexus-operator
   maintainers:
-    - email: [email protected]
-      name: m88i Labs
+  - email: [email protected]
+    name: m88i Labs
   maturity: alpha
   provider:
     name: m88i Labs
 
@@ -64,7 +64,12 @@ rules:
   - configmaps
   verbs:
   - create
+  - delete
   - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:
 
@@ -0,0 +1,35 @@
+// Copyright 2021 Nexus Operator and/or its authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package deployment
+
+import (
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/m88i/nexus-operator/pkg/util"
+
+	"github.com/m88i/nexus-operator/api/v1alpha1"
+	"github.com/m88i/nexus-operator/controllers/nexus/resource/meta"
+)
+
+const nexusPropertiesFilename = "nexus.properties"
+
+func newConfigMap(nexus *v1alpha1.Nexus) *corev1.ConfigMap {
+	return &corev1.ConfigMap{
+		ObjectMeta: meta.DefaultObjectMeta(nexus),
+		Data: map[string]string{
+			nexusPropertiesFilename: util.FromMapToJavaProperties(nexus.Spec.Properties),
+		},
+	}
+}
@@ -20,6 +20,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/m88i/nexus-operator/pkg/framework"
+
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -46,7 +48,9 @@ const (
 	heapSizeDefault            = "1718m"
 	maxDirectMemorySizeDefault = "2148m"
 	nexusDataDir               = "/nexus-data"
-	nexusContainerName         = "nexus-server"
+	// see: https://help.sonatype.com/repomanager3/installation/configuring-the-runtime-environment
+	nexusConfigFileMountPath = nexusDataDir + "/etc/" + nexusPropertiesFilename
+	nexusContainerName       = "nexus-server"
 )
 
 var (
@@ -154,6 +158,7 @@ func addVolumes(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
 		addInstallationVolume(nexus, deployment)
 	}
 	addExtraVolumes(nexus, deployment)
+	addConfigMapVolume(nexus, deployment)
 }
 
 func addInstallationVolume(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
@@ -188,6 +193,35 @@ func addExtraVolumes(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
 	}
 }
 
+func addConfigMapVolume(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
+	volumeName := fmt.Sprintf("%s-config", nexus.Name)
+	deployment.Spec.Template.Spec.Volumes =
+		append(deployment.Spec.Template.Spec.Volumes, corev1.Volume{
+			Name: volumeName,
+			VolumeSource: corev1.VolumeSource{
+				ConfigMap: &corev1.ConfigMapVolumeSource{
+					LocalObjectReference: corev1.LocalObjectReference{
+						Name: nexus.Name,
+					},
+					Items: []corev1.KeyToPath{
+						{
+							Key:  nexusPropertiesFilename,
+							Path: nexusPropertiesFilename,
+						},
+					},
+					DefaultMode: &framework.ReadWritePermission,
+				},
+			},
+		})
+	deployment.Spec.Template.Spec.Containers[0].VolumeMounts =
+		append(deployment.Spec.Template.Spec.Containers[0].VolumeMounts, corev1.VolumeMount{
+			Name:      volumeName,
+			MountPath: nexusConfigFileMountPath,
+			ReadOnly:  false,
+			SubPath:   nexusPropertiesFilename,
+		})
+}
+
 func applyJVMArgs(nexus *v1alpha1.Nexus, deployment *appsv1.Deployment) {
 	jvmMemory, directMemSize := calculateJVMMemory(deployment.Spec.Template.Spec.Containers[0].Resources.Limits)
 	jvmArgsMap[jvmArgsXms] = jvmMemory
 
@@ -58,8 +58,9 @@ func Test_newDeployment_WithoutPersistence(t *testing.T) {
 	assert.Equal(t, int32(nexusContainerPort), deployment.Spec.Template.Spec.Containers[0].LivenessProbe.HTTPGet.Port.IntVal)
 	assert.Equal(t, int32(nexusContainerPort), deployment.Spec.Template.Spec.Containers[0].ReadinessProbe.HTTPGet.Port.IntVal)
 
-	assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 0)
-	assert.Len(t, deployment.Spec.Template.Spec.Volumes, 0)
+	assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1)
+	assert.Len(t, deployment.Spec.Template.Spec.Volumes, 1)
+	assert.Equal(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath, nexusConfigFileMountPath)
 
 	assert.Equal(t, appName, deployment.Labels[meta.AppLabel])
 	assert.Equal(t, appName, deployment.Spec.Template.Labels[meta.AppLabel])
@@ -88,8 +89,8 @@ func Test_newDeployment_WithPersistence(t *testing.T) {
 	deployment := newDeployment(nexus)
 
 	assert.Len(t, deployment.Spec.Template.Spec.Containers, 1)
-	assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 1)
-	assert.Len(t, deployment.Spec.Template.Spec.Volumes, 1)
+	assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 2)
+	assert.Len(t, deployment.Spec.Template.Spec.Volumes, 2)
 	assert.Equal(t, nexusDataDir, deployment.Spec.Template.Spec.Containers[0].VolumeMounts[0].MountPath)
 }
 
@@ -250,8 +251,8 @@ func Test_newDeployment_WithExtraVolumes(t *testing.T) {
 	}
 
 	deployment := newDeployment(nexus)
-	assert.Len(t, deployment.Spec.Template.Spec.Volumes, 2)
-	assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 2)
+	assert.Len(t, deployment.Spec.Template.Spec.Volumes, 3)
+	assert.Len(t, deployment.Spec.Template.Spec.Containers[0].VolumeMounts, 3)
 	assert.True(t, deploymentContainsNexusVolume(deployment, nexus.Spec.Persistence.ExtraVolumes[0]))
 	assert.True(t, deploymentContainsNexusVolume(deployment, nexus.Spec.Persistence.ExtraVolumes[1]))
 }