Your DSOP deployment includes several template files that need to be customized with your environment-specific values:
- `values-template.yaml` - Main Helm values with `<placeholder>` values
- `config/nexus/ldap-example.json` - LDAP configuration template
- `config/nexus/ldap-example.cnf` - Certificate generation config template
- `templates/gitea/oauth-secret-example.yaml` - OAuth secret template
Replace all <placeholder> values in the template files with your actual environment values:
```sh
cp values-template.yaml values.yaml
```

Edit `values.yaml` and replace placeholders like:

- `<your-hostname>` with your actual hostname
- `<your-domain>` with your domain
- `<ip-address>` with actual IP addresses
- Any other `<placeholder>` values
```sh
cp config/nexus/ldap-example.json config/nexus/ldap.json
```

Edit `config/nexus/ldap.json` and replace:

- `<ldap-host>` with your LDAP server hostname
- `<domain>` with your domain
- `<username>` and `<password>` with actual credentials
- Any other `<placeholder>` values
```sh
cp config/nexus/ldap-example.cnf config/nexus/certs/ldap.cnf
```

Edit `config/nexus/certs/ldap.cnf` and replace:

- `<your-domain>` with your actual domain
- `<common-name>` with the appropriate CN
- Any other `<placeholder>` values
```sh
cp templates/gitea/oauth-secret-example.yaml templates/gitea/oauth-secret.yaml
rm templates/gitea/oauth-secret-example.yaml
```

Edit `templates/gitea/oauth-secret.yaml` and replace:

- `<client-id>` with your OAuth client ID
- `<client-secret>` with your OAuth client secret
- Any other `<placeholder>` values
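As an added check that is not part of the DSOP repository, the following POSIX shell script scans the customized copies for any `<placeholder>` token that survived editing, so the problem is caught before `helm` is run rather than as a confusing runtime error. The list of files follows the steps above; the script name `check-placeholders.sh` and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the repository's own code: report <placeholder> tokens
# that were never replaced in the customized DSOP files.

# Files that must be placeholder-free after customization (paths from the steps above).
CUSTOMIZED_FILES="values.yaml config/nexus/ldap.json config/nexus/certs/ldap.cnf templates/gitea/oauth-secret.yaml"

# Print every line of FILE that still carries a <placeholder> token.
# Returns 0 if the file is clean, 1 if the file is missing or any placeholder remains.
find_unreplaced_placeholders() {
    file="$1"
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 1
    fi
    # A placeholder is <word> where word is letters, digits, hyphens or underscores.
    # -n prints line numbers so the offending line is easy to locate. A legitimate
    # value such as a literal <html> string would also match; review hits by hand.
    if grep -E -n '<[A-Za-z0-9_-]+>' "$file"; then
        return 1
    fi
    return 0
}

# Check every customized file; return non-zero if any still has placeholders.
check_all_placeholders() {
    status=0
    for f in $CUSTOMIZED_FILES; do
        if find_unreplaced_placeholders "$f"; then
            echo "ok: $f"
        else
            echo "placeholders remain in: $f" >&2
            status=1
        fi
    done
    return $status
}

# Run the full check when saved as check-placeholders.sh and executed from the dsop directory.
case "$0" in
    *check-placeholders.sh) check_all_placeholders ;;
esac
```

Save it as `check-placeholders.sh` in the `dsop` directory and run `sh check-placeholders.sh`; a non-zero exit means at least one file still needs editing.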
- OpenSSL installed
- `jq` installed (for extracting values from JSON)
- Your `ldap.json` file configured from Step 1
- Prepare the certificate config file:

  Your `config/nexus/certs/ldap.cnf` should define the distinguished name, required extensions (key usage, EKU), and Subject Alternative Names (SANs):

  ```ini
  [req]
  prompt = no
  default_md = sha256
  distinguished_name = dn
  req_extensions = req_ext

  [dn]
  CN = *.yourdomain.com

  [req_ext]
  subjectAltName = @alt_names

  [alt_names]
  DNS.1 = *.yourdomain.com

  [v3_server]
  basicConstraints = CA:FALSE
  keyUsage = critical, digitalSignature, keyEncipherment
  extendedKeyUsage = serverAuth
  subjectAltName = @alt_names
  ```
- Run the certificate generation script:

  From the `dsop` directory, run:

  ```sh
  sh config/nexus/ldap-generate-cert.sh
  ```

  This will generate:

  - `ldap.key` - Private key
  - `ldap.csr` - Certificate signing request
  - `ldap.pem` - Certificate with proper extensions (serverAuth, SANs)
  - `ldap.pfx` - PKCS#12 format for Windows/Java import
- Certificate troubleshooting:
  - Ensure the `config/nexus/certs/` directory exists before running the script
  - If you see errors about extensions or SANs, check the format of your `ldap.cnf` file
  - If files are not being ignored by git, add `config/nexus/certs/` to your `.gitignore`
- Customization:
  - Edit `ldap.cnf` to match your domain and requirements
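The page does not show the contents of `ldap-generate-cert.sh`. The following added example, which is not the repository's script, produces the four files listed above from an `ldap.cnf` shaped like the one shown, using a self-signed certificate carrying the `[v3_server]` extensions, and then verifies that the resulting `ldap.pem` actually has the serverAuth EKU and the expected DNS SAN, which is the check to run when troubleshooting extension or SAN errors. The function names, the 365-day validity, the self-signing, and the `PFX_PASSWORD` variable are this example's assumptions.

```shell
#!/bin/sh
# Added example, not the repository's ldap-generate-cert.sh: generate ldap.key,
# ldap.csr, ldap.pem and ldap.pfx from a cnf file and verify the extensions.

# Output directory from the page; override with CERT_DIR=... if needed.
CERT_DIR="${CERT_DIR:-config/nexus/certs}"

# Generate the four files under DIR (default CERT_DIR) from the cnf file CONF.
# The PFX is protected with PFX_PASSWORD (assumed variable; the default is a placeholder).
generate_ldap_cert() {
    conf="$1"
    dir="${2:-$CERT_DIR}"
    mkdir -p "$dir"
    # 1. Private key (RSA 2048) and CSR; subject and SANs come from [dn] and [req_ext].
    openssl req -new -newkey rsa:2048 -nodes -config "$conf" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.csr" || return 1
    # 2. Self-signed certificate with the [v3_server] extensions (key usage,
    #    serverAuth EKU, SANs). Replace this step with a CSR submission to your
    #    internal CA if you have one; the extension section works the same way.
    openssl x509 -req -days 365 -sha256 -in "$dir/ldap.csr" -signkey "$dir/ldap.key" \
        -extfile "$conf" -extensions v3_server -out "$dir/ldap.pem" || return 1
    # 3. PKCS#12 bundle for Windows/Java import.
    openssl pkcs12 -export -inkey "$dir/ldap.key" -in "$dir/ldap.pem" \
        -out "$dir/ldap.pfx" -passout "pass:${PFX_PASSWORD:-changeit}" || return 1
    # Private material should not be world-readable.
    chmod 600 "$dir/ldap.key" "$dir/ldap.pfx"
    return 0
}

# Return 0 only if PEM carries the serverAuth EKU and a DNS SAN equal to EXPECTED_SAN.
verify_ldap_cert() {
    pem="$1"
    expected_san="$2"
    text=$(openssl x509 -in "$pem" -noout -text) || return 1
    echo "$text" | grep -q 'TLS Web Server Authentication' \
        || { echo "missing serverAuth EKU in $pem" >&2; return 1; }
    echo "$text" | grep -qF "DNS:$expected_san" \
        || { echo "missing SAN $expected_san in $pem" >&2; return 1; }
    return 0
}
```

Run `generate_ldap_cert config/nexus/certs/ldap.cnf` from the `dsop` directory, then `verify_ldap_cert config/nexus/certs/ldap.pem '*.yourdomain.com'` with the domain you put in `alt_names`; a failure message names the missing extension so you know which section of `ldap.cnf` to fix.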
The LDAPS certificate for Nexus is managed through:
- Update/import the certificate into your LDAP server
- Upgrade the Helm release:

  ```sh
  # Installs the release if it does not exist yet, upgrades it otherwise
  helm upgrade --install dsop .
  ```
- Check service logs:

  ```sh
  kubectl logs -l app.kubernetes.io/name=nexus-repository-manager -f
  kubectl logs -l app.kubernetes.io/name=gitea -f
  ```
- Test connections:
  - Access Nexus UI and verify LDAP connection works
  - Access Gitea UI and verify OAuth/LDAP authentication
  - Test any other configured integrations
| File | Purpose | Key Placeholders |
|---|---|---|
| `values-template.yaml` | Main Helm values | `<hostname>`, `<domain>`, `<ip-address>` |
| `config/nexus/ldap-example.json` | LDAP config | `<ldap-host>`, `<domain>`, `<username>`, `<password>` |
| `config/nexus/ldap-example.cnf` | Cert config | `<your-domain>`, `<common-name>` |
| `templates/gitea/oauth-secret-example.yaml` | OAuth secret | `<client-id>`, `<client-secret>` |
- Configuration errors: Double-check that all `<placeholder>` values have been replaced
- Certificate issues: Ensure the certificate matches your configured hostnames
- Connection issues: Verify network connectivity and DNS resolution
- Authentication failures: Check credentials and LDAP/OAuth configuration
Important: Always replace ALL <placeholder> values in template files before deployment to avoid configuration errors.