Hi all,
We run Kubernetes on Google Cloud, and we have 2 projects (and 2 k8s clusters), the usual suspects “dev” and “prod”.
I would like to introduce Nexus 3 as a library repository: devs will release new versions of shared libraries and Cloud Build (Google CI) will use them to build/test our apps.
The problems are:
- developers have zero access to “prod”
- “prod” and “dev” projects cannot talk to each other
So a developer would push a library to a Nexus running in “dev”, but when that app is built in “prod”, the “prod” CI won’t be able to access the instance of Nexus running in “dev”.
Possible solutions I see are:
- developers don’t publish libraries directly to a Nexus instance; they tag the commit in Git, and then 2 CIs running in “prod” and “dev” will build and publish the same library to their respective Nexus instance, one for each project
- developers push to a “dev” Nexus instance, and a background task regularly copies the data folder from dev to prod, keeping the “prod” instance in sync
- use some VPC magic so that prod CI can talk to the Nexus instance running in dev
Any better ideas?