From dab5ce588a65c491b3e24cfba727083b5006b4ff Mon Sep 17 00:00:00 2001
From: Faizan Ahmad
Date: Mon, 3 Jul 2023 18:43:32 +0200
Subject: [PATCH] #12884 Fix sonarqube helm chart
---
argocd-helm-charts/sonarqube/Chart.lock | 6 +-
argocd-helm-charts/sonarqube/Chart.yaml | 2 +-
.../sonarqube/charts/sonarqube/CHANGELOG.md | 76 ++++++
.../sonarqube/charts/sonarqube/Chart.lock | 6 +-
.../sonarqube/charts/sonarqube/Chart.yaml | 48 ++--
.../sonarqube/charts/sonarqube/README.md | 164 +++++++----
.../charts/sonarqube/requirements.lock | 9 -
.../charts/sonarqube/requirements.yaml | 9 -
.../charts/sonarqube/templates/_helpers.tpl | 38 ++-
.../charts/sonarqube/templates/config.yaml | 15 +-
.../sonarqube/templates/deployment.yaml | 256 ++++++++++++------
.../charts/sonarqube/templates/ingress.yaml | 31 +--
.../sonarqube/templates/install-plugins.yaml | 9 +-
.../templates/prometheus-podmonitor.yaml | 37 +++
.../charts/sonarqube/templates/secret.yaml | 16 ++
.../sonarqube/templates/sonarqube-sts.yaml | 73 +++--
.../templates/tests/sonarqube-test.yaml | 42 +--
.../templates/tests/test-config.yaml | 16 --
.../charts/sonarqube/values.schema.json | 12 +-
.../sonarqube/charts/sonarqube/values.yaml | 46 +++-
.../sonarqube/templates/postgres.yaml | 9 +-
argocd-helm-charts/sonarqube/values.yaml | 9 +-
22 files changed, 564 insertions(+), 365 deletions(-)
delete mode 100644 argocd-helm-charts/sonarqube/charts/sonarqube/requirements.lock
delete mode 100644 argocd-helm-charts/sonarqube/charts/sonarqube/requirements.yaml
create mode 100644 argocd-helm-charts/sonarqube/charts/sonarqube/templates/prometheus-podmonitor.yaml
delete mode 100644 argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/test-config.yaml
diff --git a/argocd-helm-charts/sonarqube/Chart.lock b/argocd-helm-charts/sonarqube/Chart.lock
index 7b069406a..141c1c3d9 100644
--- a/argocd-helm-charts/sonarqube/Chart.lock
+++ b/argocd-helm-charts/sonarqube/Chart.lock
@@ -1,6 +1,6 @@ dependencies: - name: sonarqube repository: https://SonarSource.github.io/helm-chart-sonarqube - version: 6.0.0+403 -digest: sha256:f7d899543b26698dd51497d407054818398db3403432e2e42bc87beddfa332c0 -generated: "2022-10-20T09:37:08.393122576Z" + version: 10.1.0+628 +digest: sha256:6a35dd122971a52f9b292cd4fc51e616914d374745cea0f987dd5017c61cdf6b +generated: "2023-06-27T16:11:26.512460512+05:30" diff --git a/argocd-helm-charts/sonarqube/Chart.yaml b/argocd-helm-charts/sonarqube/Chart.yaml index 1cd82fdb3..24ff60286 100644 --- a/argocd-helm-charts/sonarqube/Chart.yaml +++ b/argocd-helm-charts/sonarqube/Chart.yaml @@ -9,5 +9,5 @@ name: sonarqube version: 4.0.2+325 dependencies: - name: sonarqube - version: 6.0.0+403 + version: 10.1.0+628 repository: https://SonarSource.github.io/helm-chart-sonarqube diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/CHANGELOG.md b/argocd-helm-charts/sonarqube/charts/sonarqube/CHANGELOG.md index 58af5b0e3..8dd23f9f5 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/CHANGELOG.md +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/CHANGELOG.md 
@@ -1,6 +1,82 @@ # SonarQube Chart Changelog All changes to this chart will be documented in this file. +## [10.1.0] +* Update SonarQube to 10.1.0 +* Support Kubernetes v1.27 while dropping v1.23 +* Changed default test process to wget, using sonarqube image as default +* Update Chart's version to 10.1.0 +* Fix liveness probe to detect when a failure occurs. + +## [10.0.0] +* Update SonarQube to 10.0.0 +* Helm chart versioning will now follow the SonarQube product versioning + +## [9.5.1] +* Make `jvmOpts` and `jvmCeOpts` not override env vars and sonar properties + +## [9.5.0] +* Add helm-chart-sonarqube as chart source + +## [9.4.2] +* Fixed unsupported wget parameter `--proxy off` with `--no-proxy` + +## [9.4.1] +* Fix install_plugins.sh not deleting previously installed plugins + +## [9.4.0] +* Added support for `extraVolumes` and `extraVolumeMounts` in sonar pod. + +## [9.3.1] +* Clarify doc for custom cacert secret + +## [9.3.0] +* Refactor Deployment manifest to match the Statefulset manifest + +## [9.2.0] +* Add a configurable Prometheus PodMonitor resource +* Refactor Prometheus exporter's documentation and bump to version 0.17.2 + +## [9.1.0] +* Allow setting priorityClassName for StatefulSets + +## [9.0.1] +* Adds timeoutSeconds parameter to probes + +## [9.0.0] +* Update SonarQube logo +* Bootstrap chart version 9.x.x dedicated to the future SonarQube 10.0 +## [8.0.0] +* Update SonarQube to 9.9.0 +* Bootstrap chart version 8.x.x dedicated to SonarQube 9.9 LTS + +## [7.0.2] +* Update the list of supported kubernetes versions + +## [7.0.1] +* Set a new default (maximum) allowed size of the client request body on the ingress + +## [7.0.0] +* Update SonarQube to 9.8.0 + +## [6.2.1] +* Update the postgresql chart's repository + + +## [6.2.0] +* Refactor Ingress to be compatible with static compatibitly test and 1.19 minimum requirement + +## [6.1.2] +* Updated SonarQube to 9.7.1 + +## [6.1.1] +* Refactor templating of ConfigMap for sonar.properties +* Fix 
the bug where sonarSecretKey was not applied without sonar.properties set + +## [6.1.0] +* Fix the installation of plugins using the standard folder `extensions/plugins` instead of `extensions/downloads` and `lib/common` +* Remove `plugins.lib` and other small edits in the documentation + ## [6.0.0] * Updated SonarQube to 9.7.0 diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.lock b/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.lock index 5d446c756..69aae82d5 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.lock +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql - repository: https://charts.bitnami.com/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 10.15.0 - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx version: 4.0.13 -digest: sha256:5612be33416d0996cc9f48746c6a61f92d406c43df48dffafc073188b6d7754f -generated: "2022-01-06T14:17:34.853574059+01:00" +digest: sha256:eb84d38cb9cc5c49b8828240213ff53c25bb5b6f5101f88671a40e08dd0ba049 +generated: "2022-12-20T14:37:33.067762+01:00" diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.yaml index 101063737..9d19fa329 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/Chart.yaml 
@@ -1,54 +1,43 @@ annotations: artifacthub.io/changes: | - kind: changed - description: "Updated SonarQube to 9.7.0" - - kind: fixed - description: "Fix the right-dash curly brace issue with the additional network policy parameter" - - kind: added - description: "Allow `tests.image` to be configured and update README accordingly" - - kind: added - description: "Allow `tests.initContainers.image` to be configured and update README accordingly" + description: "Upgrading SonarQube to 10.1.0" - kind: changed - description: "Use the networkPolicy.prometheusNamespace value for the network policy namespace selector" + description: "Support Kubernetes v1.27 while dropping v1.23" - kind: changed - description: "Uncomment default value in values.yaml for backwards compatibility" - - kind: added - description: "Add support for monitoringPasscode passed as a secret and removal of livenessprobe httpheader defined in clear text" + description: "Changed default test process to wget, using sonarqube image as default" - kind: changed - description: "Bump apiVersion to v2" + description: "Update Chart's version to 10.1.0" - kind: changed - description: "Set the number of allowed replicas to 0 and 1" - - kind: added - description: "Add documentation for ingress tls" - - kind: added - description: "Add documentation for sonarProperties and sonarSecretProperties" - - kind: added - description: "Add the possibility of using a secret for customizing the admin password" + description: "Fix liveness probe to detect when a failure occurs." 
artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/images: | - name: sonarqube - image: sonarqube:9.7.0-community + image: sonarqube:10.1.0-community artifacthub.io/links: | - name: support url: https://community.sonarsource.com/ - name: Chart Source url: https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube apiVersion: v2 -appVersion: 9.7.0 +appVersion: 10.1.0 dependencies: - condition: postgresql.enabled name: postgresql - repository: https://charts.bitnami.com/bitnami + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami version: 10.15.0 - condition: nginx.enabled name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx version: 4.0.13 -description: SonarQube offers Code Quality and Code Security analysis for up to 27 - languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout - your workflow. +description: SonarQube is a self-managed, automatic code review tool that systematically + helps you deliver clean code. As a core element of our Sonar solution, SonarQube + integrates into your existing workflow and detects issues in your code to help you + perform continuous code inspections of your projects. The tool analyses 30+ different + programming languages and integrates into your CI pipeline and DevOps platform to + ensure that your code meets high-quality standards. home: https://www.sonarqube.org/ -icon: https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg +icon: https://raw.githubusercontent.com/SonarSource/sonarqube-static-resources/master/helm/SonarQubeLogo.svg keywords: - coverage - security 
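Review bot: The `postgresql` dependency in this hunk now resolves from `https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami` and stays pinned at `10.15.0`, so the bundled database chart comes from what looks like an archive index rather than a maintained one. The README section added in the same patch recommends setting `postgresql.enabled` to false for production and using a well-maintained database instead. The wrapper `argocd-helm-charts/sonarqube/values.yaml` is changed by this patch but is not visible here; if it does not already do so, it should carry `postgresql.enabled: false` for the subchart, with a comment such as `# bundled postgresql is the pre-2022 bitnami chart, test use only`.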
@@ -58,9 +47,14 @@ kubeVersion: '>= 1.19.0-0' maintainers: - email: leo.geoffroy+helm@sonarsource.com name: leo-geoffroy-sonarsource +- email: carmine.vassallo@sonarsource.com + name: carminevassallo +- email: jeremy.cotineau@sonarsource.com + name: jCOTINEAU name: sonarqube sources: +- https://github.com/SonarSource/helm-chart-sonarqube - https://github.com/SonarSource/docker-sonarqube - https://github.com/SonarSource/sonarqube type: application -version: 6.0.0+403 +version: 10.1.0+628 diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/README.md b/argocd-helm-charts/sonarqube/charts/sonarqube/README.md index e2a37f139..47c9ca275 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/README.md +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/README.md @@ -4,15 +4,19 @@ Code better in up to 27 languages. Improve Code Quality and Code Security throug ## Introduction -This chart bootstraps an instance of the latest SonarQube version with a PostgreSQL database. A helm chart is also available for the [LTS version](../sonarqube-lts). +This chart bootstraps an instance of the latest SonarQube version with a PostgreSQL database. -Please note that this chart only supports SonarQube Community, Developer, and Enterprise Editions. +The latest version of the chart installs the latest SonarQube version. + +To install the version of the chart for SonarQube 9.9 LTS, please read the section [below](#installing-the-sonarqube-99-lts-chart). Deciding between LTS and Latest? [This may help](https://www.sonarsource.com/products/sonarqube/downloads/lts/) + +Please note that this chart only supports SonarQube Community, Developer, and Enterprise editions. ## Compatibility -| SonarQube Version | Kubernetes Version | Helm Chart Version | -|-------------------|--------------------|--------------------| -| latest | 1.19, 1.20, 1.21 | 2.0 | +Compatible SonarQube Version: `10.1.0` + +Supported Kubernetes Versions: From `1.24` to `1.27` ## Installing the chart 
@@ -25,10 +29,23 @@ kubectl create namespace sonarqube helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube ``` -The above command deploys Sonarqube on the Kubernetes cluster in the default configuration in the sonarqube namespace. The [configuration](#configuration) section lists the parameters that can be configured during installation. +The above command deploys SonarQube on the Kubernetes cluster in the default configuration in the sonarqube namespace. The [configuration](#configuration) section lists the parameters that can be configured during installation. The default login is admin/admin. +## Installing the SonarQube 9.9 LTS chart + +The version of the chart for the SonarQube 9.9 LTS is being distributed as the `8.x.x` version of this chart. + +In order to use it, please set the version constraint `~8`, which is equivalent to `>=8.0.0 && <= 9.0.0`. That version parameter **must** be used in every helm related command including `install`, `upgrade`, `template`, and `diff` (don't treat this as an exhaustive list). + +Example: +``` +helm upgrade --install -n sonarqube --version ~8 sonarqube sonarqube/sonarqube +``` + +To upgrade from the old and unmaintained [sonarqube-lts chart](https://artifacthub.io/packages/helm/sonarqube/sonarqube-lts), please follow the steps described [in this section](#upgrade-from-the-old-sonarqube-lts-to-this-chart). + ## How to use it Take some time to read the Deploy on [SonarQube on Kubernetes](https://docs.sonarqube.org/latest/setup/sonarqube-on-kubernetes/) page. 
@@ -45,6 +62,36 @@ kindly-newt 1 Mon Oct 2 15:05:44 2017 DEPLOYED sonarqube-0.1.0 $ helm delete kindly-newt ``` +## Prerequisites and suggested settings for production + +Please read the official documentation prerequisites [here](https://docs.sonarqube.org/latest/requirements/prerequisites-and-overview/). + +### Elasticsearch prerequisites + +SonarQube runs Elasticsearch under the hood. + +Elasticsearch is rolling out (strict) prerequisites that cannot be disabled when running in production context (see [this](https://www.elastic.co/blog/bootstrap_checks_annoying_instead_of_devastating) blog post regarding bootstrap checks, and the [official guide](https://www.elastic.co/guide/en/elasticsearch/reference/5.0/bootstrap-checks.html)). + +Because of such constraints, even when running in Docker containers, SonarQube requires some settings at the host/kernel level. + +Please carefully read the following and make sure these configurations are set up at the host level: + +- [vm.max_map_count](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html#vm-max-map-count) +- [seccomp filter should be available](https://github.com/SonarSource/docker-sonarqube/issues/614) + +In general, please carefully read the Elasticsearch's [documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/system-config.html). + +### Production use case + +The SonarQube helm chart is packed with multiple features enabling users to install and test SonarQube on Kubernetes easily. + +Nonetheless, if you intend to run a production-grade SonarQube please follow these recommendations. + +- Set `nginx.enabled` to **false**. This parameter would run the nginx chart. This is useful for testing purposes only. Ingress controllers are critical Kubernetes components, we advise users to install their own. +- Set `postgresql.enabled` to **false**. This parameter would run the postgresql pre-2022 bitnami chart. 
That is useful for testing purposes, however, given that the database is at the hearth of SonarQube, we advise users to be careful with it and use a well-maintained database as a service or deploy their own database on top of Kubernetes. +- Set `initSysctl.enabled` to **false**. This parameter would run **root** `sysctl` commands, while those sysctl-related values should be set by the Kubernetes administrator at the node level (see [here](#elasticsearch-prerequisites)) +- Set `initFs.enabled` to **false**. This parameter would run **root** `chown` commands. The parameter exists to fix non-posix, CSI, or deprecated drivers. + ## Upgrade 1. Read through the [SonarQube Upgrade Guide](https://docs.sonarqube.org/latest/setup/upgrading/) to familiarize yourself with the general upgrade process (most importantly, back up your database) @@ -53,6 +100,10 @@ $ helm delete kindly-newt 4. Browse to http://yourSonarQubeServerURL/setup and follow the setup instructions 5. Reanalyze your projects to get fresh data +### Upgrade from the old sonarqube-lts to this chart + +Please refer to the Helm upgrade section accessible [here](https://docs.sonarqube.org/latest/setup-and-upgrade/upgrade-the-server/upgrade-guide/) + ## Ingress ### Path 
@@ -79,39 +130,21 @@ ingress: ## Monitoring -This Helm chart offers the possibilitie to monitor SonarQube with Prometheus. Per default the jmx metrics for the Web Bean and the CE Bean are exposed on port 8000 and 8001. These Values can be configures with `prometheusExporter.webBeanPort` and `prometheusExporter.ceBeanPort`. +This Helm chart offers the possibility to monitor SonarQube with Prometheus. + +### Export JMX metrics + +The prometheus exporter (`prometheusExporter.enabled=true`) converts the JMX metrics into a format that Prometheus can understand. After the metrics are exported, you can connect your Prometheus instance and scrape them. + +Per default the JMX metrics for the Web Bean and the CE Bean are exposed on port 8000 and 8001. These values can be configured with `prometheusExporter.webBeanPort` and `prometheusExporter.ceBeanPort`. ### PodMonitor -if you are using the Prometheus Operator, you can configure a PodMonitor like this to let the scrape configuration automatically be generated by the Operator: - -``` yaml -apiVersion: monitoring.coreos.com/v1 -kind: PodMonitor -metadata: - name: sonarqube - namespace: monitoring -spec: - namespaceSelector: - matchNames: - - sonarqube - podMetricsEndpoints: - - interval: 30s - path: / - scheme: http - targetPort: monitoring-ce - - interval: 30s - path: / - scheme: http - targetPort: monitoring-web - selector: - matchLabels: - app: sonarqube -``` +If a Prometheus Operator is deployed in your cluster, you can enable a PodMonitor resource with `prometheusMonitoring.podMonitor.enabled`. It scrapes the Prometheus endpoint `/api/monitoring/metrics` exposed by the SonarQube application. ## Configuration -The following table lists the configurable parameters of the Sonarqube chart and their default values. +The following table lists the configurable parameters of the SonarQube chart and their default values. ### Global 
@@ -128,7 +161,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `hostAliases` | Aliases for IPs in /etc/hosts | `[]` | | `podLabels` | Map of labels to add to the pods | `{}` | | `env` | Environment variables to attach to the pods | `{}`| -| `annotations` | Sonarqube Pod annotations | `{}` | +| `annotations` | SonarQube Pod annotations | `{}` | | `edition` | SonarQube Edition to use (e.g. `community`, `developer` or `enterprise`) | `community` | ### NetworkPolicies @@ -148,13 +181,13 @@ The following table lists the configurable parameters of the Sonarqube chart and ### Image -| Parameter | Description | Default | -| --------- | ----------- | ------- | -| `image.repository` | image repository | `sonarqube` | -| `image.tag` | `sonarqube` image tag. | `9.2.4-{{ .Values.edition }}` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecret` | (DEPRECATED) imagePullSecret to use for private repository | `None` | -| `image.pullSecrets` | imagePullSecrets to use for private repository | `None` | +| Parameter | Description | Default | +| --------- | ----------- |--------------------------------| +| `image.repository` | image repository | `sonarqube` | +| `image.tag` | `sonarqube` image tag. | `10.1.0-{{ .Values.edition }}` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecret` | (DEPRECATED) imagePullSecret to use for private repository | `None` | +| `image.pullSecrets` | imagePullSecrets to use for private repository | `None` | ### Security 
@@ -195,7 +228,8 @@ The following table lists the configurable parameters of the Sonarqube chart and | `ingress.hosts[0].servicePort` | Optional field to override the default servicePort of a path | `None` | | `ingress.tls` | Ingress secrets for TLS certificates | `[]` | | `ingress.ingressClassName` | Optional field to configure ingress class name | `None` | -| `ingress.annotations` | Optional field to add extra annotations to the ingress | `None` | +| `ingress.annotations` | Field to add extra annotations to the ingress | {`nginx.ingress.kubernetes.io/proxy-body-size=64m`} | +| `ingress.annotations.nginx.ingress.kubernetes.io/proxy-body-size` | Field to set the maximum allowed size of the client request body | `64m` | ### Route 
@@ -214,15 +248,18 @@ The following table lists the configurable parameters of the Sonarqube chart and | `readinessProbe.initialDelaySeconds` | ReadinessProbe initial delay for SonarQube checking | `60` | | `readinessProbe.periodSeconds` | ReadinessProbe period between checking SonarQube | `30` | | `readinessProbe.failureThreshold` | ReadinessProbe threshold for marking as failed | `6` | +| `readinessProbe.timeoutSeconds`| ReadinessProbe timeout delay | `1` | | `readinessProbe.sonarWebContext` | SonarQube web context for readinessProbe | `/` | | `livenessProbe.initialDelaySeconds` | LivenessProbe initial delay for SonarQube checking | `60` | | `livenessProbe.periodSeconds` | LivenessProbe period between checking SonarQube | `30` | | `livenessProbe.sonarWebContext` | SonarQube web context for LivenessProbe | `/` | | `livenessProbe.failureThreshold` | LivenessProbe threshold for marking as dead | `6` | +| `livenessProbe.timeoutSeconds`| LivenessProbe timeout delay | `1` | | `startupProbe.initialDelaySeconds` | StartupProbe initial delay for SonarQube checking | `30` | | `startupProbe.periodSeconds` | StartupProbe period between checking SonarQube | `10` | | `startupProbe.sonarWebContext` | SonarQube web context for StartupProbe | `/` | | `startupProbe.failureThreshold` | StartupProbe threshold for marking as failed | `24` | +| `startupProbe.timeoutSeconds`| StartupProbe timeout delay | `1` | ### InitContainers 
@@ -251,8 +288,8 @@ The following table lists the configurable parameters of the Sonarqube chart and | Parameter | Description | Default | | --------- | ----------- | ------- | -| `prometheusExporter.enabled` | Use the Prometheus JMX exporter | `true` | -| `prometheusExporter.version` | jmx_prometheus_javaagent version to download from Maven Central | `0.16.0` | +| `prometheusExporter.enabled` | Use the Prometheus JMX exporter | `false` | +| `prometheusExporter.version` | jmx_prometheus_javaagent version to download from Maven Central | `0.17.2` | | `prometheusExporter.noCheckCertificate` | Flag to not check server's certificate when downloading jmx_prometheus_javaagent | `false` | | `prometheusExporter.webBeanPort` | Port where the jmx_prometheus_javaagent exposes the metrics for the webBean | `8000` | | `prometheusExporter.ceBeanPort` | Port where the jmx_prometheus_javaagent exposes the metrics for the ceBean | `8001` | 
@@ -264,12 +301,20 @@ The following table lists the configurable parameters of the Sonarqube chart and | `prometheusExporter.noProxy` | No proxy for downloading JMX agent | `""` | | `prometheusExporter.securityContext` | Security context for downloading the jmx agent | see `values.yaml` | +### Monitoring (Prometheus PodMonitor) + +| `prometheusMonitoring.podMonitor.enabled` | Enable Prometheus PodMonitor | `false` | +| `prometheusMonitoring.podMonitor.namespace` | Specify a custom namespace where the PodMonitor will be created | `default` | +| `prometheusMonitoring.podMonitor.interval` | Specify the interval how often metrics should be scraped | `30s` | +| `prometheusMonitoring.podMonitor.scrapeTimeout` | Specify the timeout after a scrape is ended | `None` | +| `prometheusMonitoring.podMonitor.jobLabel` | Name of the label on target services that prometheus uses as job name | `None` | + + ### Plugins | Parameter | Description | Default | | --------- | ----------- | ------- | -| `plugins.install` | List of plugin JARs to download and install | `[]` | -| `plugins.lib` | Plugins libraries to download and install | `[]` | +| `plugins.install` | Link(s) to the plugin JARs to download and install | `[]` | | `plugins.resources` | Plugin Pod resource requests & limits | `{}` | | `plugins.httpProxy` | For use behind a corporate proxy when downloading plugins | `""` | | `plugins.httpsProxy` | For use behind a corporate proxy when downloading plugins | `""` | 
@@ -280,13 +325,13 @@ The following table lists the configurable parameters of the Sonarqube chart and | `plugins.noCheckCertificate` | Flag to not check server's certificate when downloading plugins | `false` | | `plugins.securityContext` | Security context for the container to download plugins | see `values.yaml` | -### Sonarqube Specific +### SonarQube Specific | Parameter | Description | Default | | --------- | ----------- | ------- | -| `jvmOpts` | Values to add to SONARQUBE_WEB_JVM_OPTS | `""` | -| `jvmCeOpts` | Values to add to SONAR_CE_JAVAOPTS | `""` | -| `sonarqubeFolder` | Directory name of Sonarqube | `/opt/sonarqube` | +| `jvmOpts` | (DEPRECATED) Values to add to SONARQUBE_WEB_JVM_OPTS | `""` | +| `jvmCeOpts` | (DEPRECATED) Values to add to SONAR_CE_JAVAOPTS | `""` | +| `sonarqubeFolder` | Directory name of SonarQube | `/opt/sonarqube` | | `sonarProperties` | Custom `sonar.properties` key-value pairs (e.g., "sonarProperties.sonar.forceAuthentication=true") | `None` | | `sonarSecretProperties` | Additional `sonar.properties` key-value pairs to load from a secret | `None` | | `sonarSecretKey` | Name of existing secret used for settings encryption | `None` | 
@@ -294,15 +339,17 @@ The following table lists the configurable parameters of the Sonarqube chart and | `monitoringPasscodeSecretName` | Name of the secret where to load `monitoringPasscode` | `None` | | `monitoringPasscodeSecretKey` | Key of an existing secret containing `monitoringPasscode` | `None` | | `extraContainers` | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars) | `[]` | +| `extraVolumes` | Array of extra volumes to add to the SonarQube deployment | `[]` | +| `extraVolumeMounts` | Array of extra volume mounts to add to the SonarQube deployment | `[]` | ### Resources | Parameter | Description | Default | | --------- | ----------- | ------- | -| `resources.requests.memory` | Sonarqube memory request | `2Gi` | -| `resources.requests.cpu` | Sonarqube cpu request | `400m` | -| `resources.limits.memory` | Sonarqube memory limit | `4Gi` | -| `resources.limits.cpu` | Sonarqube cpu limit | `800m` | +| `resources.requests.memory` | SonarQube memory request | `2Gi` | +| `resources.requests.cpu` | SonarQube cpu request | `400m` | +| `resources.limits.memory` | SonarQube memory limit | `4Gi` | +| `resources.limits.cpu` | SonarQube cpu limit | `800m` | ### Persistence @@ -362,8 +409,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | Parameter | Description | Default | |------------------------------|---------------------------------------------------------------| ------- | | `tests.enabled` | Flag that allows tests to be excluded from the generated yaml | `true` | -| `tests.image` | Change test container image | `bitnami/minideb-extras` | -| `tests.initContainers.image` | Change test init container image | `bats/bats:1.2.1` | +| `tests.image` | Change test container image | `` | ### ServiceAccount 
@@ -413,12 +459,12 @@ In environments with air-gapped setup, especially with internal tooling (repos) kind: Secret metadata: name: my-cacerts - data: + stringData: cert-1.crt: | xxxxxxxxxxxxxxxxxxxxxxx ``` -2. Upload your `cacerts.yaml` to a secret in the cluster you are installing Sonarqube to. +2. Upload your `cacerts.yaml` to a secret in the cluster you are installing SonarQube to. ```shell kubectl apply -f cacerts.yaml @@ -450,7 +496,7 @@ For environments where another tool, such as terraform or ansible, is used to pr In such environments, configuration may be read, via environment variables, from Secrets and ConfigMaps. -1. Create a `ConfigMap` (or `Secret`) containing key/value pairs, as expected by Sonarqube +1. Create a `ConfigMap` (or `Secret`) containing key/value pairs, as expected by SonarQube. ```yaml apiVersion: v1 diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/requirements.lock b/argocd-helm-charts/sonarqube/charts/sonarqube/requirements.lock deleted file mode 100644 index 5d446c756..000000000 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/requirements.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: postgresql - repository: https://charts.bitnami.com/bitnami - version: 10.15.0 -- name: ingress-nginx - repository: https://kubernetes.github.io/ingress-nginx - version: 4.0.13 -digest: sha256:5612be33416d0996cc9f48746c6a61f92d406c43df48dffafc073188b6d7754f -generated: "2022-01-06T14:17:34.853574059+01:00" diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/requirements.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/requirements.yaml deleted file mode 100644 index c3ac9df1c..000000000 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/requirements.yaml +++ /dev/null 
@@ -1,9 +0,0 @@
-dependencies:
-- name: postgresql
- version: 10.15.0
- repository: https://charts.bitnami.com/bitnami
- condition: postgresql.enabled
-- name: ingress-nginx
- version: 4.0.13
- repository: https://kubernetes.github.io/ingress-nginx
- condition: nginx.enabled
\ No newline at end of file
diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/_helpers.tpl b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/_helpers.tpl
index 520e80931..1b56e0989 100644
--- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/_helpers.tpl
+++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/_helpers.tpl
@@ -107,14 +107,24 @@ Determine JDBC password if internal secret is used Set sonarqube.jvmOpts */}} {{- define "sonarqube.jvmOpts" -}} +{{- $tempJvm := .Values.jvmOpts -}} +{{- if and .Values.sonarProperties (hasKey (.Values.sonarProperties) "sonar.web.javaOpts")}} +{{- $tempJvm = (get .Values.sonarProperties "sonar.web.javaOpts") -}} +{{- else if .Values.env -}} +{{- range $index, $val := .Values.env -}} +{{- if eq $val.name "SONAR_WEB_JAVAOPTS" -}} +{{- $tempJvm = $val.value -}} +{{- end -}} +{{- end -}} +{{- end -}} {{- if and .Values.caCerts.enabled .Values.prometheusExporter.enabled -}} -{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-config.yaml -Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.webBeanPort) .Values.sonarqubeFolder .Values.sonarqubeFolder .Values.jvmOpts | trim | quote }} +{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-config.yaml -Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.webBeanPort) .Values.sonarqubeFolder .Values.sonarqubeFolder $tempJvm | trim | quote }} {{- else if .Values.caCerts.enabled -}} -{{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder .Values.jvmOpts | trim | quote }} +{{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder $tempJvm | trim | quote }} {{- else if .Values.prometheusExporter.enabled -}} -{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-config.yaml %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.webBeanPort) .Values.sonarqubeFolder .Values.jvmOpts | trim | quote }} +{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-config.yaml %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.webBeanPort) .Values.sonarqubeFolder $tempJvm | trim | quote }} {{- else -}} -{{ printf "%s" .Values.jvmOpts }} +{{ printf 
"%s" $tempJvm }} {{- end -}} {{- end -}} 
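Review bot: In the added `range` over `.Values.env`, `$tempJvm = $val.value` assumes every matching entry carries a literal `value`. An entry for `SONAR_WEB_JAVAOPTS` that uses `valueFrom` (a Secret or ConfigMap reference) has no `value`, so the `printf "... %s"` calls below would most likely render `%!s(<nil>)` into the JVM options instead of falling back to `.Values.jvmOpts`. Guarding the match keeps the fallback: `{{- if and (eq $val.name "SONAR_WEB_JAVAOPTS") (hasKey $val "value") -}}`. The same pattern appears in the `sonarqube.jvmCEOpts` hunk for `SONAR_CE_JAVAOPTS`.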
@@ -122,14 +132,24 @@ Set sonarqube.jvmOpts Set sonarqube.jvmCEOpts */}} {{- define "sonarqube.jvmCEOpts" -}} +{{- $tempJvm := .Values.jvmCeOpts -}} +{{- if and .Values.sonarProperties (hasKey (.Values.sonarProperties) "sonar.ce.javaOpts")}} +{{- $tempJvm = (get .Values.sonarProperties "sonar.ce.javaOpts") -}} +{{- else if .Values.env -}} +{{- range $index, $val := .Values.env -}} +{{- if eq $val.name "SONAR_CE_JAVAOPTS" -}} +{{- $tempJvm = $val.value -}} +{{- end -}} +{{- end -}} +{{- end -}} {{- if and .Values.caCerts.enabled .Values.prometheusExporter.enabled -}} -{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-ce-config.yaml -Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.ceBeanPort) .Values.sonarqubeFolder .Values.sonarqubeFolder .Values.jvmCeOpts | trim | quote }} +{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-ce-config.yaml -Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.ceBeanPort) .Values.sonarqubeFolder .Values.sonarqubeFolder $tempJvm | trim | quote }} {{- else if .Values.caCerts.enabled -}} -{{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder .Values.jvmCeOpts | trim | quote }} +{{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder $tempJvm | trim | quote }} {{- else if .Values.prometheusExporter.enabled -}} -{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-ce-config.yaml %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.ceBeanPort) .Values.sonarqubeFolder .Values.jvmCeOpts | trim | quote }} +{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-ce-config.yaml %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.ceBeanPort) .Values.sonarqubeFolder $tempJvm | trim | quote }} {{- else -}} -{{ printf "%s" .Values.jvmCeOpts }} +{{ printf "%s" 
$tempJvm }} {{- end -}} {{- end -}} @@ -154,4 +174,4 @@ Create the name of the service account to use {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/config.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/config.yaml index 1ef7ada34..2fc8623a0 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/config.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/config.yaml @@ -8,18 +8,13 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: - {{- if and .Values.sonarSecretKey (not .Values.sonarProperties) (not .Values.elasticsearch.bootstrapChecks) }} - sonar.properties: sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt - {{- end }} - {{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }} - sonar.properties: - {{ range $key, $val := .Values.sonarProperties }} + sonar.properties: | + {{- range $key, $val := .Values.sonarProperties }} {{ $key }}={{ $val }} - {{ end }} + {{- end }} {{- if not .Values.elasticsearch.bootstrapChecks }} sonar.es.bootstrap.checks.disable=true {{- end }} + {{- if .Values.sonarSecretKey }} + sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt {{- end }} - {{- if and .Values.sonarSecretKey .Values.sonarProperties }} - sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt - {{- end }} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/deployment.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/deployment.yaml index bde89e607..181fb4b58 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/deployment.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/deployment.yaml 
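Review bot: In the config.yaml hunk, the new `sonar.properties: |` block writes every `.Values.sonarProperties` entry as `{{ $key }}={{ $val }}` into a ConfigMap, and nothing in the template marks this as the non-secret path. The `concat-properties` init container merges a separate `secret.properties` file, presumably fed by `sonarSecretProperties`, but a chart user cannot tell from here which of the two a credential-bearing property belongs in. I would add a template comment above the block, e.g. `{{- /* Rendered into a ConfigMap in plain text; put credentials in sonarSecretProperties. */}}`. The same comment should say that values are written unescaped, so a value containing a newline becomes additional property lines.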
@@ -37,6 +37,10 @@ spec: checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} +{{- if .Values.prometheusExporter.enabled }} + checksum/prometheus-config: {{ include (print $.Template.BasePath "/prometheus-config.yaml") . | sha256sum }} + checksum/prometheus-ce-config: {{ include (print $.Template.BasePath "/prometheus-ce-config.yaml") . | sha256sum }} +{{- end }} {{- if .Values.annotations}} {{- range $key, $value := .Values.annotations }} {{ $key }}: {{ $value | quote }} @@ -46,7 +50,6 @@ spec: {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} - serviceAccountName: {{ template "sonarqube.serviceAccountName" . }} securityContext: {{ toYaml .Values.securityContext | indent 8 }} {{- if or .Values.image.pullSecrets .Values.image.pullSecret }} @@ -62,6 +65,18 @@ spec: {{- if .Values.extraInitContainers }} {{ toYaml .Values.extraInitContainers | indent 8 }} {{- end }} + {{- if .Values.postgresql.enabled }} + - name: "wait-for-db" + image: {{ default "busybox:1.32" .Values.initContainers.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if $securityContext := .Values.initContainers.securityContext }} + securityContext: +{{ toYaml $securityContext | indent 12 }} + {{- end }} + resources: +{{ toYaml .Values.initContainers.resources | indent 12 }} + command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"] + {{- end }} {{- if .Values.caCerts.enabled }} - name: ca-certs image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.caCerts.image }} 
@@ -106,48 +121,12 @@ spec: {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.plugins.install }} - - name: install-plugins - image: {{ default "curlimages/curl:7.76.1" .Values.plugins.image }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["sh", - "-e", - "/tmp/scripts/install_plugins.sh"] - volumeMounts: - - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads - name: sonarqube - subPath: extensions/downloads - - mountPath: {{ .Values.sonarqubeFolder }}/lib/common - name: sonarqube - subPath: lib/common - - name: install-plugins - mountPath: /tmp/scripts/ - {{- if .Values.plugins.netrcCreds }} - - name: plugins-netrc-file - mountPath: /root - {{- end }} - {{- if $securityContext := .Values.initContainers.securityContext }} - securityContext: -{{ toYaml $securityContext | indent 12 }} - {{- end }} - resources: -{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }} - env: - - name: http_proxy - value: {{ default "" .Values.plugins.httpProxy }} - - name: https_proxy - value: {{ default "" .Values.plugins.httpsProxy }} - - name: no_proxy - value: {{ default "" .Values.plugins.noProxy }} - {{- with .Values.env }} - {{- . | toYaml | trim | nindent 12 }} - {{- end }} - {{- end }} - {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} + + {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - name: concat-properties image: {{ default "busybox:1.32" .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: + command: - sh - -c - | 
@@ -162,7 +141,7 @@ spec: awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties fi volumeMounts: - {{- if .Values.sonarProperties }} + {{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - mountPath: /tmp/props/sonar.properties name: config subPath: sonar.properties 
@@ -185,36 +164,67 @@ spec: {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.postgresql.enabled }} - - name: "wait-for-db" - image: {{ default "busybox:1.32" .Values.initContainers.image }} + + {{- if .Values.prometheusExporter.enabled }} + - name: inject-prometheus-exporter + image: {{ default "curlimages/curl:7.76.1" .Values.prometheusExporter.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if $securityContext := .Values.initContainers.securityContext }} + {{- if $securityContext := (default .Values.initContainers.securityContext .Values.prometheusExporter.securityContext) }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: -{{ toYaml .Values.initContainers.resources | indent 12 }} - command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"] - {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} +{{ toYaml (default .Values.initContainers.resources .Values.prometheusExporter.resources) | indent 12 }} + command: ["/bin/sh","-c"] + args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if $.Values.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"] + volumeMounts: + - mountPath: /data + name: sonarqube + subPath: data + env: + - name: http_proxy + value: {{ default "" .Values.prometheusExporter.httpProxy }} + - name: https_proxy + value: {{ default "" .Values.prometheusExporter.httpsProxy }} + - name: no_proxy + value: {{ default "" .Values.prometheusExporter.noProxy }} + {{- with .Values.env }} + {{- . 
| toYaml | trim | nindent 12 }} + {{- end }} {{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} + {{- if .Values.plugins.install }} + - name: install-plugins + image: {{ default "curlimages/curl:7.76.1" .Values.plugins.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["sh", + "-e", + "/tmp/scripts/install_plugins.sh"] + volumeMounts: + - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins + name: sonarqube + subPath: extensions/plugins + - name: install-plugins + mountPath: /tmp/scripts/ + {{- if .Values.plugins.netrcCreds }} + - name: plugins-netrc-file + mountPath: /root {{- end }} - {{- if .Values.hostAliases }} - hostAliases: -{{ toYaml .Values.hostAliases | indent 8 }} + {{- if $securityContext := (default .Values.initContainers.securityContext .Values.plugins.securityContext) }} + securityContext: +{{ toYaml $securityContext | indent 12 }} {{- end }} - {{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} + resources: +{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }} + env: + - name: http_proxy + value: {{ default "" .Values.plugins.httpProxy }} + - name: https_proxy + value: {{ default "" .Values.plugins.httpsProxy }} + - name: no_proxy + value: {{ default "" .Values.plugins.noProxy }} + {{- with .Values.env }} + {{- . | toYaml | trim | nindent 12 }} {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} {{- end }} containers: {{- if .Values.extraContainers }} 
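Review bot: Nothing verifies the jar that the new `inject-prometheus-exporter` init container fetches with `curl -s ... --output /data/jmx_prometheus_javaagent.jar`, although the `sonarqube.jvmOpts` helper appears to load that same file into the SonarQube JVM through `-javaagent:`. Without `--fail`, an HTTP error body is saved at the jar path and the init container still exits 0; with `prometheusExporter.noCheckCertificate` set, `--insecure` also drops the TLS check on the source. At minimum use `curl -fsS` here, and preferably compare the file against a SHA-256 supplied through values, failing the init container on mismatch. The `install-plugins` container in this hunk and the `install_plugins.sh` hunk have the same gap for plugin jars, which now land directly in `extensions/plugins`; the statefulset template mirrors both.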
@@ -227,7 +237,22 @@ spec: - name: http containerPort: {{ .Values.service.internalPort }} protocol: TCP + {{- if .Values.prometheusExporter.enabled }} + - name: monitoring-web + containerPort: {{ .Values.prometheusExporter.webBeanPort }} + protocol: TCP + - name: monitoring-ce + containerPort: {{ .Values.prometheusExporter.ceBeanPort }} + protocol: TCP + {{- end }} + resources: +{{ toYaml (default .Values.resources .Values.resource) | indent 12 }} env: + {{- with .Values.env }} + {{- . | toYaml | trim | nindent 12 }} + {{- end }} + - name: SONAR_HELM_CHART_VERSION + value: {{ .Chart.Version | replace "+" "_" }} - name: SONAR_WEB_JAVAOPTS value: {{ template "sonarqube.jvmOpts" . }} - name: SONAR_CE_JAVAOPTS @@ -247,9 +272,6 @@ spec: name: {{ template "sonarqube.fullname" . }}-monitoring-passcode key: SONAR_WEB_SYSTEMPASSCODE {{- end }} - {{- with .Values.env }} - {{- . | toYaml | trim | nindent 12 }} - {{- end }} envFrom: - configMapRef: name: {{ template "sonarqube.fullname" . }}-jdbc-config 
@@ -268,18 +290,38 @@ spec: - -c - | host="$(hostname -i || echo '127.0.0.1')" - reply=$(wget -qO- --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext }}api/system/liveness 2>&1) - if [ -z "$reply" ]; then exit 0; else exit 1; fi + wget --no-proxy --quiet -O /dev/null --timeout={{ .Values.livenessProbe.timeoutSeconds }} --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext }}api/system/liveness" initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: - httpGet: - path: {{ .Values.readinessProbe.sonarWebContext }}api/system/status - port: http + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING + # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. 
+ host="$(hostname -i || echo '127.0.0.1')" + if wget --no-proxy -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then + exit 0 + fi + exit 1 initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + startupProbe: + httpGet: + scheme: HTTP + path: {{ .Values.readinessProbe.sonarWebContext }}api/system/status + port: http + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} {{- if .Values.containerSecurityContext }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} @@ -288,18 +330,18 @@ spec: {{- if .Values.persistence.mounts }} {{ toYaml .Values.persistence.mounts | indent 12 }} {{- end }} - {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} +{{- if .Values.extraVolumeMounts }} +{{- .Values.extraVolumeMounts | toYaml | nindent 12 }} +{{- end }} + {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - mountPath: {{ .Values.sonarqubeFolder }}/conf/ name: concat-dir - {{- else if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }} - - mountPath: {{ .Values.sonarqubeFolder }}/conf/ - name: config {{- end }} {{- if .Values.sonarSecretKey }} - mountPath: {{ .Values.sonarqubeFolder }}/secret/ name: secret {{- end }} - {{- if .Values.caCerts }} + {{- if .Values.caCerts.enabled }} - mountPath: {{ .Values.sonarqubeFolder }}/certs name: sonarqube subPath: certs 
@@ -312,16 +354,9 @@ spec: name: sonarqube subPath: extensions {{- else if .Values.plugins.install }} - - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads - name: sonarqube - subPath: extensions/downloads - {{- end }} - {{- if .Values.plugins.lib }} - {{- range $index, $val := .Values.plugins.lib }} - - mountPath: {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }} + - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins name: sonarqube - subPath: lib/common/{{ $val }} - {{- end }} + subPath: extensions/plugins {{- end }} - mountPath: {{ .Values.sonarqubeFolder }}/temp name: sonarqube 
@@ -331,13 +366,42 @@ spec: subPath: logs - mountPath: /tmp name: tmp-dir - resources: -{{ toYaml .Values.resources | indent 12 }} + {{- if .Values.prometheusExporter.enabled }} + - mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-config.yaml + subPath: prometheus-config.yaml + name: prometheus-config + - mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-ce-config.yaml + subPath: prometheus-ce-config.yaml + name: prometheus-ce-config + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.hostAliases }} + hostAliases: +{{ toYaml .Values.hostAliases | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + serviceAccountName: {{ template "sonarqube.serviceAccountName" . }} volumes: +{{- if .Values.extraVolumes }} +{{- .Values.extraVolumes | toYaml | nindent 6 }} +{{- end }} {{- if .Values.persistence.volumes }} {{ tpl (toYaml .Values.persistence.volumes | indent 6) . }} {{- end }} - {{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }} + {{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }} - name: config configMap: name: {{ template "sonarqube.fullname" . }}-config @@ -361,7 +425,7 @@ spec: - key: sonar-secret.txt path: sonar-secret.txt {{- end }} - {{- if .Values.caCerts }} + {{- if .Values.caCerts.enabled }} - name: ca-certs secret: secretName: {{ .Values.caCerts.secret }} 
@@ -386,6 +450,20 @@ spec: items: - key: install_plugins.sh path: install_plugins.sh + {{- if .Values.prometheusExporter.enabled }} + - name: prometheus-config + configMap: + name: {{ template "sonarqube.fullname" . }}-prometheus-config + items: + - key: prometheus-config.yaml + path: prometheus-config.yaml + - name: prometheus-ce-config + configMap: + name: {{ template "sonarqube.fullname" . }}-prometheus-ce-config + items: + - key: prometheus-ce-config.yaml + path: prometheus-ce-config.yaml + {{- end }} - name: sonarqube {{- if .Values.persistence.enabled }} persistentVolumeClaim: @@ -395,7 +473,7 @@ spec: {{- end }} - name : tmp-dir emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }} - {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} + {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }} - name : concat-dir emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}} {{- end }} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/ingress.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/ingress.yaml index 7fc8baa49..1fdecc97f 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/ingress.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/ingress.yaml @@ -1,13 +1,7 @@ {{- if .Values.ingress.enabled -}} {{- $serviceName := include "sonarqube.fullname" . -}} {{- $servicePort := .Values.service.externalPort -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 -{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} -apiVersion: networking.k8s.io/v1beta1 -{{ else }} -apiVersion: extensions/v1beta1 -{{ end -}} kind: Ingress metadata: name: {{ template "sonarqube.fullname" . }} 
@@ -25,7 +19,6 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} spec: {{- if .Values.ingress.ingressClassName }} ingressClassName: {{ .Values.ingress.ingressClassName }} @@ -43,30 +36,8 @@ spec: path: {{ .path}} pathType: {{ default "ImplementationSpecific" .pathType }} {{- end }} -{{ else }} -spec: - {{- if .Values.ingress.annotations }} - {{- range $key, $value := .Values.ingress.annotations }} - {{- if and (eq $key "kubernetes.io/ingress.class") (contains $value "gce") }} - backend: - serviceName: {{ default $serviceName .serviceName }} - servicePort: {{ default $servicePort .servicePort }} - {{- end }} - {{- end }} - {{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .name }} - http: - paths: - - path: {{ .path}} - backend: - serviceName: {{ default $serviceName .serviceName }} - servicePort: {{ default $servicePort .servicePort }} - {{- end -}} -{{ end -}} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} {{- end -}} -{{- end -}} +{{- end }} \ No newline at end of file diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/install-plugins.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/install-plugins.yaml index de3f4ba9a..073646c9c 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/install-plugins.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/install-plugins.yaml 
@@ -10,14 +10,9 @@ metadata: data: install_plugins.sh: |- {{- if .Values.plugins.install }} - [ -e {{ .Values.sonarqubeFolder }}/extensions/downloads/* ] && rm {{ .Values.sonarqubeFolder }}/extensions/downloads/* - cd {{ .Values.sonarqubeFolder }}/extensions/downloads + rm -f {{ .Values.sonarqubeFolder }}/extensions/plugins/* + cd {{ .Values.sonarqubeFolder }}/extensions/plugins {{- range $index, $val := .Values.plugins.install }} curl {{ if $.Values.plugins.noCheckCertificate }}--insecure{{ end }} {{ if $.Values.plugins.netrcCreds }}--netrc-file /root/.netrc{{ end }} -fsSLO {{ $val | quote }} {{- end }} {{- end }} - {{- if .Values.plugins.lib }} - {{- range $index, $val := .Values.plugins.lib }} - cp -f {{ $.Values.sonarqubeFolder }}/extensions/downloads/{{ $val }} {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }} - {{- end }} - {{- end }} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/prometheus-podmonitor.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/prometheus-podmonitor.yaml new file mode 100644 index 000000000..f76c43b47 --- /dev/null +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/prometheus-podmonitor.yaml 
@@ -0,0 +1,37 @@ +{{- if .Values.prometheusMonitoring.podMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ template "sonarqube.name" . }} + namespace: {{ .Values.prometheusMonitoring.podMonitor.namespace | quote }} + labels: + app: {{ template "sonarqube.name" . }} +spec: + {{- if .Values.prometheusMonitoring.podMonitor.jobLabel }} + jobLabel: {{ .Values.prometheusMonitoring.podMonitor.jobLabel | quote }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "sonarqube.name" . }} + podMetricsEndpoints: + - port: http + path: /api/monitoring/metrics + scheme: http + {{- if .Values.prometheusMonitoring.podMonitor.interval }} + interval: {{ .Values.prometheusMonitoring.podMonitor.interval }} + {{- end }} + {{- if .Values.prometheusMonitoring.podMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.prometheusMonitoring.podMonitor.scrapeTimeout }} + {{- end }} + bearerTokenSecret: + {{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }} + name: {{ .Values.monitoringPasscodeSecretName }} + key: {{ .Values.monitoringPasscodeSecretKey }} + {{- else }} + name: {{ template "sonarqube.fullname" . }}-monitoring-passcode + key: SONAR_WEB_SYSTEMPASSCODE + {{- end }} +{{- end }} \ No newline at end of file diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/secret.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/secret.yaml index 392a3f50b..9ac2a2d96 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/secret.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/secret.yaml 
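Review bot: The `podMetricsEndpoints` entry sends the monitoring passcode as a bearer token (`bearerTokenSecret`) while `scheme: http` is hard-coded, so the SonarQube system passcode crosses the pod network unencrypted on every scrape. If TLS to the pod is not an option, that should be stated next to `scheme`, e.g. `# passcode is sent in clear text; restrict scrape traffic with a NetworkPolicy`. The `monitoringPasscodeSecretName` branch also needs a comment: prometheus-operator resolves `bearerTokenSecret` in the PodMonitor's own namespace (`prometheusMonitoring.podMonitor.namespace`), and the chart only creates a copy there when `monitoringPasscode` is set, so an externally managed secret must exist in that namespace as well.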
@@ -29,6 +29,22 @@ data: SONAR_WEB_SYSTEMPASSCODE: {{ .Values.monitoringPasscode | b64enc | quote }} {{- end }} --- +{{- if and .Values.monitoringPasscode .Values.prometheusMonitoring.podMonitor.enabled}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "sonarqube.fullname" . }}-monitoring-passcode + namespace: {{.Values.prometheusMonitoring.podMonitor.namespace}} + labels: + app: {{ template "sonarqube.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + SONAR_WEB_SYSTEMPASSCODE: {{ .Values.monitoringPasscode | b64enc | quote }} +{{- end }} +--- {{- if .Values.account }} {{- if .Values.account.adminPassword }} apiVersion: v1 diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/sonarqube-sts.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/sonarqube-sts.yaml index db4490b16..e055487ea 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/sonarqube-sts.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/sonarqube-sts.yaml @@ -45,6 +45,9 @@ spec: {{- end }} {{- end }} spec: + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName }} + {{- end }} securityContext: {{ toYaml .Values.securityContext | indent 8 }} {{- if or .Values.image.pullSecrets .Values.image.pullSecret }} @@ -117,11 +120,11 @@ spec: {{- end }} {{- end }} - {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} + {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - name: concat-properties image: {{ default "busybox:1.32" .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: + command: - sh - -c - | 
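Review bot: The Secret added in the secret.yaml hunk copies `monitoringPasscode` into `prometheusMonitoring.podMonitor.namespace` under the name `{{ template "sonarqube.fullname" . }}-monitoring-passcode`, which the workload templates already reference in the release namespace. When both namespaces are the same, the chart would render two Secret documents with identical name and namespace (the first document's metadata is outside the hunk, so this is inferred from the deployment's reference to that name); adding `(ne .Values.prometheusMonitoring.podMonitor.namespace .Release.Namespace)` to the `if and` avoids it. The copy also makes the system passcode readable to anyone who can read Secrets in the monitoring namespace, which deserves a comment above the block. `namespace:` is unquoted here but `| quote`d in the PodMonitor template; `namespace: {{ .Values.prometheusMonitoring.podMonitor.namespace | quote }}` would match.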
@@ -136,7 +139,7 @@ spec: awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties fi volumeMounts: - {{- if .Values.sonarProperties }} + {{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - mountPath: /tmp/props/sonar.properties name: config subPath: sonar.properties @@ -219,16 +222,9 @@ spec: name: sonarqube subPath: extensions {{- else if .Values.plugins.install }} - - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads + - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins name: sonarqube - subPath: extensions/downloads - {{- end }} - {{- if .Values.plugins.lib }} - {{- range $index, $val := .Values.plugins.lib }} - - mountPath: {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }} - name: sonarqube - subPath: lib/common/{{ $val }} - {{- end }} + subPath: extensions/plugins {{- end }} - mountPath: {{ .Values.sonarqubeFolder }}/temp name: sonarqube @@ -247,12 +243,9 @@ spec: "-e", "/tmp/scripts/install_plugins.sh"] volumeMounts: - - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads + - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins name: sonarqube - subPath: extensions/downloads - - mountPath: {{ .Values.sonarqubeFolder }}/lib/common - name: sonarqube - subPath: lib/common + subPath: extensions/plugins - name: install-plugins mountPath: /tmp/scripts/ {{- if .Values.plugins.netrcCreds }} @@ -298,6 +291,11 @@ spec: resources: {{ toYaml (default .Values.resources .Values.resource) | indent 12 }} env: + {{- with .Values.env }} + {{- . | toYaml | trim | nindent 12 }} + {{- end }} + - name: SONAR_HELM_CHART_VERSION + value: {{ .Chart.Version | replace "+" "_" }} - name: SONAR_WEB_JAVAOPTS value: {{ template "sonarqube.jvmOpts" . }} - name: SONAR_CE_JAVAOPTS 
@@ -317,9 +315,6 @@ spec: name: {{ template "sonarqube.fullname" . }}-monitoring-passcode key: SONAR_WEB_SYSTEMPASSCODE {{- end }} - {{- with .Values.env }} - {{- . | toYaml | trim | nindent 12 }} - {{- end }} envFrom: - configMapRef: name: {{ template "sonarqube.fullname" . }}-jdbc-config @@ -338,11 +333,11 @@ spec: - -c - | host="$(hostname -i || echo '127.0.0.1')" - reply=$(wget -qO- --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext }}api/system/liveness 2>&1) - if [ -z "$reply" ]; then exit 0; else exit 1; fi + wget --no-proxy --quiet -O /dev/null --timeout={{ .Values.livenessProbe.timeoutSeconds }} --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext }}api/system/liveness" initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: exec: command: 
@@ -353,13 +348,14 @@ spec: # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. host="$(hostname -i || echo '127.0.0.1')" - if wget --proxy off -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then + if wget --no-proxy -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then exit 0 fi exit 1 initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} startupProbe: httpGet: scheme: HTTP @@ -368,6 +364,7 @@ spec: initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} periodSeconds: {{ .Values.startupProbe.periodSeconds }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} {{- if .Values.containerSecurityContext }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} 
@@ -376,13 +373,12 @@ spec: {{- if .Values.persistence.mounts }} {{ toYaml .Values.persistence.mounts | indent 12 }} {{- end }} - {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} +{{- if .Values.extraVolumeMounts }} +{{- .Values.extraVolumeMounts | toYaml | nindent 12 }} +{{- end }} + {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - mountPath: {{ .Values.sonarqubeFolder }}/conf/ name: concat-dir - {{- else if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }} - - mountPath: {{ .Values.sonarqubeFolder }}/conf/sonar.properties - subPath: sonar.properties - name: config {{- end }} {{- if .Values.sonarSecretKey }} - mountPath: {{ .Values.sonarqubeFolder }}/secret/ @@ -401,16 +397,9 @@ spec: name: sonarqube subPath: extensions {{- else if .Values.plugins.install }} - - mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads + - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins name: sonarqube - subPath: extensions/downloads - {{- end }} - {{- if .Values.plugins.lib }} - {{- range $index, $val := .Values.plugins.lib }} - - mountPath: {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }} - name: sonarqube - subPath: lib/common/{{ $val }} - {{- end }} + subPath: extensions/plugins {{- end }} - mountPath: {{ .Values.sonarqubeFolder }}/temp name: sonarqube @@ -428,6 +417,9 @@ spec: subPath: prometheus-ce-config.yaml name: prometheus-ce-config {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} 
@@ -449,7 +441,10 @@ spec: {{- if .Values.persistence.volumes }} {{ tpl (toYaml .Values.persistence.volumes | indent 6) . }} {{- end }} - {{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }} +{{- if .Values.extraVolumes }} +{{- .Values.extraVolumes | toYaml | nindent 6 }} +{{- end }} + {{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }} - name: config configMap: name: {{ template "sonarqube.fullname" . }}-config @@ -527,7 +522,7 @@ spec: {{- end }} - name : tmp-dir emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }} - {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} + {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }} - name : concat-dir emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}} {{- end }} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/sonarqube-test.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/sonarqube-test.yaml index 2d42f2734..654f4cf16 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/sonarqube-test.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/sonarqube-test.yaml 
@@ -20,41 +20,21 @@ spec: {{ toYaml .Values.image.pullSecrets | indent 4 }} {{- end}} {{- end }} - initContainers: - - name: "bats" - image: {{ .Values.tests.initContainers.image | quote }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["bash", "-c"] - args: - - |- - set -ex - cp -R /opt/bats /tools/bats/ - resources: -{{ toYaml .Values.tests.initContainers.resources | indent 8 }} - volumeMounts: - - mountPath: /tools - name: tools containers: - name: {{ .Release.Name }}-ui-test - image: {{ .Values.tests.image | quote }} + image: {{ .Values.tests.image | default (printf "%s:%s" .Values.image.repository (tpl .Values.image.tag .)) | quote }} imagePullPolicy: {{ .Values.image.pullPolicy }} - command: [ - "/tools/bats/bin/bats", - "--tap", - "/tests/run.sh"] + command: ['wget'] + args: [ + '--retry-connrefused', + '--waitretry=1', + '--timeout=5', + '-t', + '12', + '-qO-', + '{{ template "sonarqube.fullname" . }}:{{ .Values.service.internalPort }}/api/system/status' + ] resources: {{ toYaml .Values.tests.resources | indent 8 }} - volumeMounts: - - mountPath: /tests - name: tests - readOnly: true - - mountPath: /tools - name: tools - volumes: - - name: tests - configMap: - name: {{ template "sonarqube.fullname" . }}-tests - - name: tools - emptyDir: {{ toYaml .Values.emptyDir | nindent 6 }} restartPolicy: Never {{- end -}} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/test-config.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/test-config.yaml deleted file mode 100644 index 012be0331..000000000 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/templates/tests/test-config.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if .Values.tests.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "sonarqube.fullname" . }}-tests - labels: - app: {{ template "sonarqube.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -data: - run.sh: |- - @test "Testing Sonarqube UI is accessible" { - curl --connect-timeout 5 --retry 12 --retry-delay 1 --retry-max-time 60 {{ template "sonarqube.fullname" . }}:{{ .Values.service.internalPort }}/api/system/status - } -{{- end -}} diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/values.schema.json b/argocd-helm-charts/sonarqube/charts/sonarqube/values.schema.json index 3a2f06133..786c01be2 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/values.schema.json +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/values.schema.json @@ -1,5 +1,5 @@ { - "$schema": "http://json-schema.org/draft-07/schema", + "$schema": "https://json-schema.org/draft/2020-12/schema", "required": [ "replicaCount" ], @@ -7,6 +7,16 @@ "replicaCount": { "type": "integer", "enum": [0, 1] + }, + "jvmOpts": { + "type": "string", + "deprecated": true, + "$comment": "(DEPRECATED) Please use SONAR_WEB_JAVAOPTS or sonar.web.javaOpts" + }, + "jvmCeOpts": { + "type": "string", + "deprecated": true, + "$comment": "(DEPRECATED) Please use SONAR_CE_JAVAOPTS or sonar.ce.javaOpts" } } } \ No newline at end of file diff --git a/argocd-helm-charts/sonarqube/charts/sonarqube/values.yaml b/argocd-helm-charts/sonarqube/charts/sonarqube/values.yaml index 106e55852..9b94a56c8 100644 --- a/argocd-helm-charts/sonarqube/charts/sonarqube/values.yaml +++ b/argocd-helm-charts/sonarqube/charts/sonarqube/values.yaml @@ -27,7 +27,7 @@ edition: "community" image: repository: sonarqube - tag: 9.7.0-{{ .Values.edition }} + tag: 10.1.0-{{ .Values.edition }} pullPolicy: IfNotPresent # If using a private repository, the imagePullSecrets to use # pullSecrets: 
@@ -88,14 +88,12 @@ ingress: # servicePort: somePort # the pathType can be one of the following values: Exact|Prefix|ImplementationSpecific(default) # pathType: ImplementationSpecific - annotations: {} - # kubernetes.io/ingress.class: nginx + annotations: # kubernetes.io/tls-acme: "true" # This property allows for reports up to a certain size to be uploaded to SonarQube - # nginx.ingress.kubernetes.io/proxy-body-size: "8m" + nginx.ingress.kubernetes.io/proxy-body-size: "64m" - # Set ingressClassName if kubernetes version is >= 1.18 - # Reference: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + # Set the ingressClassName on the ingress record # ingressClassName: nginx # Additional labels for Ingress manifest file @@ -158,6 +156,8 @@ readinessProbe: initialDelaySeconds: 60 periodSeconds: 30 failureThreshold: 6 + # Note that timeoutSeconds was not respected before Kubernetes 1.20 for exec probes + timeoutSeconds: 1 # If an ingress *path* other than the root (/) is defined, it should be reflected here # A trailing "/" must be included sonarWebContext: / @@ -167,6 +167,8 @@ livenessProbe: initialDelaySeconds: 60 periodSeconds: 30 failureThreshold: 6 + # Note that timeoutSeconds was not respected before Kubernetes 1.20 for exec probes + timeoutSeconds: 1 # If an ingress *path* other than the root (/) is defined, it should be reflected here # A trailing "/" must be included sonarWebContext: / @@ -178,6 +180,8 @@ startupProbe: initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 24 + # Note that timeoutSeconds was not respected before Kubernetes 1.20 for exec probes + timeoutSeconds: 1 # If an ingress *path* other than the root (/) is defined, it should be reflected here # A trailing "/" must be included sonarWebContext: / 
@@ -230,9 +234,9 @@ initFs: privileged: true prometheusExporter: - enabled: true + enabled: false # jmx_prometheus_javaagent version to download from Maven Central - version: "0.16.0" + version: "0.17.2" # Alternative full download URL for the jmx_prometheus_javaagent.jar (overrides prometheusExporter.version) # downloadURL: "" # if you need to ignore TLS certificates for whatever reason enable the following flag @@ -259,15 +263,30 @@ prometheusExporter: runAsUser: 1000 runAsGroup: 1000 +prometheusMonitoring: + # Generate a Prometheus Pod Monitor (https://github.com/coreos/prometheus-operator) + # + podMonitor: + # Create PodMonitor Resource for Prometheus scraping + enabled: false + # Specify a custom namespace where the PodMonitor will be created + namespace: "default" + # Specify the interval how often metrics should be scraped + interval: 30s + # Specify the timeout after a scrape is ended + # scrapeTimeout: "" + # Name of the label on target services that prometheus uses as job name + # jobLabel: "" + # List of plugins to install. # For example: # plugins: # install: # - "https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar" # - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar" +# plugins: install: [] - lib: [] # For use behind a corporate proxy when downloading plugins # httpProxy: "" @@ -286,12 +305,12 @@ plugins: runAsUser: 1000 runAsGroup: 1000 -## Values to add to SONARQUBE_WEB_JVM_OPTS +## (DEPRECATED) Please use SONAR_WEB_JAVAOPTS or sonar.web.javaOpts ## # jvmOpts: "-Djava.net.preferIPv4Stack=true" jvmOpts: "" -## Values to add to SONAR_CE_JAVAOPTS +## (DEPRECATED) Please use SONAR_CE_JAVAOPTS or sonar.ce.javaOpts jvmCeOpts: "" ## a monitoring passcode needs to be defined in order to get reasonable probe results 
@@ -463,12 +482,9 @@ podLabels: {} sonarqubeFolder: /opt/sonarqube tests: - image: bitnami/minideb-extras + image: "" enabled: true resources: {} - initContainers: - image: bats/bats:1.2.1 - resources: {} # For OpenShift set create=true to ensure service account is created. serviceAccount: diff --git a/argocd-helm-charts/sonarqube/templates/postgres.yaml b/argocd-helm-charts/sonarqube/templates/postgres.yaml index 107853e7f..2b8378794 100644 --- a/argocd-helm-charts/sonarqube/templates/postgres.yaml +++ b/argocd-helm-charts/sonarqube/templates/postgres.yaml @@ -23,14 +23,13 @@ spec: {{- if .Values.postgresql.storageClass }} storageClass: {{ .Values.postgresql.storageClass }} {{- end }} - numberOfInstances: 2 + numberOfInstances: 1 users: - sonarqube_admin: + sonarqube: - superuser - createdb - sonarqube_test: [] databases: - sonarqube: sonarqube_admin + sonarqube: sonarqube postgresql: - version: "13" + version: "14" enableMasterLoadBalancer: false diff --git a/argocd-helm-charts/sonarqube/values.yaml b/argocd-helm-charts/sonarqube/values.yaml index 827965952..2464b6aca 100644 --- a/argocd-helm-charts/sonarqube/values.yaml +++ b/argocd-helm-charts/sonarqube/values.yaml @@ -6,12 +6,17 @@ sonarqube: resources: limits: cpu: null + plugins: + install: + - "https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.1.1/sonar-auth-oidc-plugin-2.1.1.jar" + account: + adminPasswordSecretName: sonarqube-admin-credentials jdbcOverwrite: enable: true - jdbcSecretName: sonarqube-admin.sonarqube-pgsql.credentials.postgresql.acid.zalan.do + jdbcSecretName: sonarqube.sonarqube-pgsql.credentials.postgresql.acid.zalan.do jdbcSecretPasswordKey: password jdbcUrl: "jdbc:postgresql://sonarqube-pgsql/sonarqube?socketTimeout=1500" - jdbcUsername: sonarqube_admin + jdbcUsername: sonarqube postgresql: size: 4Gi
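Review bot: The renamed `sonarqube` role under `users:` in templates/postgres.yaml keeps `superuser` and `createdb`, and this commit also makes it the owner of the `sonarqube` database and, in the wrapper values.yaml, the `jdbcUsername` the application logs in with. The account SonarQube uses at runtime therefore holds instance-wide PostgreSQL privileges, so a compromise of the application is no longer contained to its own database. As the role owns its database, the flags look unnecessary; I would write `sonarqube: []` (the form the removed `sonarqube_test: []` line used) and add a flag back only if a migration is shown to need it. Separately, `numberOfInstances: 1` drops the replica, and a comment such as `# single instance: no failover, accepted for this environment` would record that this is deliberate. The resource definition starts above this hunk.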
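Review bot: The new `plugins.install` entry in argocd-helm-charts/sonarqube/values.yaml pulls `sonar-auth-oidc-plugin-2.1.1.jar` from a GitHub release URL, and nothing in the hunk pins what that URL must return. The jar handles authentication, so a replaced release asset would be loaded into the login path unnoticed. Consider serving the jar from an artifact store you control and recording the expected digest beside the URL, for example `# sha256: <SHA256_OF_JAR>`, so that a change is visible in review. `account.adminPasswordSecretName: sonarqube-admin-credentials` names a Secret that this hunk does not create; a comment such as `# Secret must exist in the release namespace before sync; created by <SOURCE>` would tell operators where it comes from.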