Attention: Deprecation notice for Bintray, JCenter, GoCenter and ChartCenter. Learn More


Chart version: 105.0.0
Api version: v2
App version: 1.105.0
Sonatype Nexus IQ Server continuously monitors your entire soft...
Chart Type
Set me up:
helm repo add center
Install Chart:
helm install nexus-iq-server center/sonatype/nexus-iq-server
Versions (0)

Sonatype IQ server

Sonatype Nexus IQ Server is everything you need to know to trust your software supply chain. It powers Nexus Firewall, Nexus Lifecycle, and Nexus Auditor.


  • Kubernetes 1.8+ with Beta APIs enabled
  • PV provisioner support in the underlying infrastructure
  • Helm 3

These charts are designed to work out of the box with minikube using both ingess and ingress-dns addons.

The current releases have been tested on minikube v1.14.2 running k8s v1.19.2

Adding the repo

To Add as a Helm Repo

## Testing the Chart
To test the chart:
$ helm install --dry-run --debug ./

To test the chart with your own values:

$ helm install --dry-run --debug -f my_values.yaml ./

Installing the Chart

To install the chart:

$ helm install nexus-iq sonatype/nexus-iq-server [ --version v90.0.0 ]

The above command deploys IQ on the Kubernetes cluster in the default configuration. Note the optional version flag.

You can pass custom configuration values as:

helm install -f myvalues.yaml ./ --name sonatype-

The default login is admin/admin123

Upgrading the Chart

Note: optional version flag shown

## Uninstalling the Chart

To uninstall/delete the deployment:

$ helm list
NAME           	REVISION	UPDATED                 	STATUS  	CHART      	                NAMESPACE
plinking-gopher	1       	Fri Sep  1 13:19:50 2017	DEPLOYED	iqserver-0.1.0	            default
$ helm delete plinking-gopher

The command removes all the Kubernetes components associated with the chart and deletes the release.

Chart Configuration Options

Parameter Description Default
iq.imageName The image name to use for the IQ Container, eg sonatype/nexus-iq-server ""
iq.imagePullSecret The base-64 encoded secret to pull a container from Red Hat ""
iq.applicationPort Port of the application connector. Must match the value in the configYaml property 8070
iq.adminPort Port of the application connector. Must match the value in the configYaml property 8071
iq.memory The amount of RAM to allocate 1Gi
iq.licenseSecret The base-64 encoded license file to be installed at startup ""
iq.configYaml A YAML block which will be used as a configuration block for IQ Server. See values.yaml
iq.env IQ server environment variables [{JAVA_OPTS: -Xms1200M -Xmx1200M}]
iq.secretName The name of a secret to mount inside the container See values.yaml
iq.secretMountName Where in the container to mount the data from secretName See values.yaml
ingress.enabled Create an ingress for Nexus true
ingress.annotations Annotations to enhance ingress configuration {}
ingress.tls.enabled Enable TLS true
ingress.tls.secretName Name of the secret storing TLS cert, false to use the Ingress’ default certificate nexus-tls
ingress.path Path for ingress rules. GCP users should set to /* /
deployment.preStart.command Command to run before starting the IQ Server container nil
deployment.postStart.command Command to run after starting the IQ Server container nil
deployment.terminationGracePeriodSeconds Update termination grace period (in seconds) 120s
persistence.storageClass The provisioner class - (disables dynamic provisioning
persistence.storageSize The amount of drive space to allocate 1Gi
persistence.accessMode Default access mode ReadWriteOnce
persistence.volumeConfiguration A YAML block to configure the persistent volume type. Defaults to hostPath which should not be used in production hostPath

Configuring IQ Server

You can define the config.yml for IQ Server in your myvalues.yml file on startup. It is the iq.configYaml property. For more details, see the Configuring IQ Server help page. Additionally the server can be started with JAVA_OPTS exported to the environment. This will be added to the server process invocation and can be used for purposes such as changing the server memory settings. See the defaults set in the values.yaml file.

Installing the License

The license file can be installed via the UI when IQ server is running, or it can be done as a part of the deploy. If you leave the licenseFile field empty/commented, IQ Server will start and prompt you to manually install the license when you first enter the GUI.

413 Errors

The default setting for Nginx allows for very small upload sizes. Add this annotation to the ingress for each product to remove teh limit: “0”

Specifying custom Java keystore/truststore

There is an example of how to implement this in the values.yaml file using secrets to store both the Java keystores and their associated passwords. In order to utilize the provided example directly secrets can be created from a directory containing the keystore and truststore files like so:

kubectl create secret generic secret-jks