Skip to content

Latest commit

 

History

History

sonarqube

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
templates
templates
 
 
.test.sh
.test.sh
 
 
Chart.yaml
Chart.yaml
 
 
README.md
README.md
 
 
values.yaml
values.yaml
 
 

README.md

SonarQube

SonarQube is an open sourced code quality scanning tool.

Introduction

This chart bootstraps a SonarQube instance with a PostgreSQL database.

Attribution: A Fork of this code was taken from here and customized for OpenShift

https://github.com/Oteemo/charts/tree/master/charts/sonarqube

WIP: Not all configuration options have been checked against openshift yet

Installing the chart

To install the chart:

$ helm repo add rht-labs-charts https://rht-labs.github.io/charts
$ helm install rht-labs-charts/sonarqube

The above command deploys Sonarqube on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation.

The default login is admin/admin, but can be overridden.

Uninstalling the chart

To uninstall/delete the deployment:

$ helm delete <name of chart>

Configuration

The following table lists the configurable parameters of the Sonarqube chart and their default values.

Parameter Description Default
admin.adminPassword Set Admin Password, also refer "admin.currentAdminPassword" admin
replicaCount Number of replicas deployed 1
deploymentStrategy Deployment strategy {}
image.repository image repository sonarqube
image.tag sonarqube image tag. 8.2-community
image.pullPolicy Image pull policy IfNotPresent
image.pullSecret imagePullSecret to use for private repository
command command to run in the container nil (need to be set prior to 6.7.6, and 7.4)
elasticsearch.configureNode Modify k8s worker to conform to system requirements false
elasticsearch.bootstrapChecks Enables/disables Elasticsearch bootstrap checks false
initContainers Enable or Disable the running of all initContainers false (not needed on OpenShift)
ingress.enabled Flag for enabling ingress false
ingress.labels Ingress additional labels {}
ingress.hosts[0].name Hostname to your SonarQube installation sonar.organization.com
ingress.hosts[0].path Path within the URL structure /
ingress.tls Ingress secrets for TLS certificates []
livenessProbe.sonarWebContext SonarQube web context for livenessProbe /
readinessProbe.sonarWebContext SonarQube web context for readinessProbe /
service.type Kubernetes service type ClusterIP
service.externalPort Kubernetes service port 9000
service.internalPort Kubernetes container port 9000
service.labels Kubernetes service labels None
service.annotations Kubernetes service annotations None
service.loadBalancerSourceRanges Kubernetes service LB Allowed inbound IP addresses None
service.loadBalancerIP Kubernetes service LB Optional fixed external IP None
persistence.enabled Flag for enabling persistent storage false
persistence.annotations Kubernetes pvc annotations {}
persistence.existingClaim Do not create a new PVC but use this one None
persistence.storageClass Storage class to be used ""
persistence.accessMode Volumes access mode to be set ReadWriteOnce
persistence.size Size of the volume 10Gi
persistence.volumes Specify extra volumes. Refer to ".spec.volumes" specification []
persistence.mounts Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification []
serviceAccount.create If set to true, create a serviceAccount false
serviceAccount.name Name of the serviceAccount to create/use sonarqube-sonarqube
serviceAccount.annotations Additional serviceAccount annotations {}
sonarProperties Custom sonar.properties file None
sonarSecretProperties Additional sonar.properties file to load from a secret None
caCerts.secret Name of the secret containing additional CA certificates nil
jvmOpts Values to add to SONARQUBE_WEB_JVM_OPTS ""
env Environment variables to attach to the pods nil
sonarSecretKey Name of existing secret used for settings encryption None
sonarProperties Custom sonar.properties file {}
postgresql.enabled Set to false to use external server true
postgresql.existingSecret Secret containing the password of the external Postgresql server null
postgresql.postgresqlServer Hostname of the external Postgresql server null
postgresql.postgresqlUsername Postgresql database user sonarUser
postgresql.postgresqlPassword Postgresql database password sonarPass
postgresql.postgresqlDatabase Postgresql database name sonarDB
postgresql.service.port Postgresql port 5432
annotations Sonarqube Pod annotations {}
resources Sonarqube Pod resource requests & limits {}
affinity Node / Pod affinities {}
nodeSelector Node labels for pod assignment {}
hostAliases Aliases for IPs in /etc/hosts []
tolerations List of node taints to tolerate []
plugins.install List of plugins to install []
plugins.lib List of plugins to install to lib/common []
plugins.resources Plugin Pod resource requests & limits {}
plugins.initContainerImage Change init container image alpine:3.10.3
plugins.initSysctlContainerImage Change init sysctl container image busybox:1.31
plugins.initVolumesContainerImage Change init volumes container image busybox:1.31
plugins.initCertsContainerImage Change init ca certs container image adoptopenjdk/openjdk11:alpine
plugins.initTestContainerImage Change init test container image dduportal/bats:0.4.0
plugins.deleteDefaultPlugins Remove default plugins and use plugins.install list []
plugins.httpProxy For use behind a corporate proxy when downloading plugins ""
plugins.httpsProxy For use behind a corporate proxy when downloading plugins ""
podLabels Map of labels to add to the pods {}
sonarqubeFolder Directory name of Sonarqube /opt/sonarqube
enableTests Flag that allows tests to be excluded from generated yaml true

For overriding variables see: Customizing the chart

Use custom cacerts

In environments with air-gapped setup, especially with internal tooling (repos) and self-signed certificates it is required to provide an adequate cacerts which overrides the default one:

  1. Create a yaml file cacerts.yaml with a secret that contains one or more keys to represent the certificates that you want including

    apiVersion: v1
kind: Secret
metadata:
  name: my-cacerts
data:
  cert-1.crt: |
    xxxxxxxxxxxxxxxxxxxxxxx

  2. Upload your cacerts.yaml to a secret in the cluster you are installing Sonarqube to.

    $ kubectl apply -f cacerts.yaml

  3. Set the following values of the chart:

    caCerts:
  secret: my-cacerts

Elasticsearch Settings

Since SonarQube comes bundled with an Elasticsearch instance, some bootstrap checks of the host settings are done at start.

This chart offers the option to use an initContainer in privilaged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide.

To enable auto-configuration of the kube worker node, set elasticsearch.configureNode to true. This is the default behavior, so you do not need to explicitly set this.

This will run sysctl -w vm.max_map_count=262144 on the worker where the sonarqube pod(s) get scheduled. This needs to be set to 262144 but normally defaults to 65530. Other kernel settings are recommended by the docker image, but the defaults work fine in most cases.

To disable worker node configuration, set elasticsearch.configureNode to false. Note that if node configuration is not enabled, then you will likely need to also disable the Elasticsearch bootstrap checks. These can be explicitly disabled by setting elasticsearch.bootstrapChecks to false.