nexus-gitops

Everything needed to deploy Nexus on Kubernetes. This repo is named nexus-gitops (not nexus-helm) because it holds more than Helm: Argo CD apps, Flux manifests, per-environment values, secret templates, and cluster config.

Structure

nexus-gitops/
  charts/
    nexus/
      Chart.yaml
      values.yaml
      templates/
        core-deployment.yaml
        worker-deployment.yaml
        telegram-deployment.yaml
        ui-deployment.yaml
        serviceaccount.yaml
        rbac.yaml
        ingress.yaml
        secrets.yaml
        configmap.yaml

  environments/
    dev/
      values.yaml
    staging/
      values.yaml
    prod/
      values.yaml

  argocd/
    nexus-dev.yaml
    nexus-staging.yaml
    nexus-prod.yaml

  flux/
    kustomization.yaml

  k8s/
    namespaces.yaml
    mongodb.yaml
    nats.yaml

Role

Helm charts for nexus-core, nexus-worker, nexus-telegram, nexus-ui.
Argo CD apps and/or Flux manifests for GitOps delivery.
Per-environment values (dev / staging / prod).
Kubernetes RBAC — including the tightly scoped role that lets nexus-core create agent Jobs in a single namespace.
Ingress / cert-manager config.
MongoDB and NATS JetStream deployment manifests.

Scoped RBAC

Nexus Core's permission to launch agent runs is intentionally narrow:

verbs:
  - create
  - get
  - list
  - watch
  - delete
resources:
  - jobs
  - pods
  - pods/log

Only in the dedicated agent namespace. See Security & permissions.

Dependencies

MongoDB · NATS JetStream · Ingress controller · cert-manager · Prometheus ServiceMonitor

Operations — the deployment runbook
nexus-platform — what gets deployed

Structure​

Role​

Scoped RBAC​

Dependencies​

Related​

Structure

Role

Scoped RBAC

Dependencies

Related