diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md
index dd3bd09a3..2b2ec625d 100644
--- a/charts/sonarqube-dce/CHANGELOG.md
+++ b/charts/sonarqube-dce/CHANGELOG.md
@@ -8,6 +8,7 @@ All changes to this chart will be documented in this file.
 * Support Kubernetes v1.32
 * Remove the default passcode provided with `monitoringPasscode`
 * Support Openshift v4.17
+* Add the possibility of to save the data with hostpath.
 ## [10.8.1]
 * Update Chart's version to 10.8.1
diff --git a/charts/sonarqube-dce/README.md b/charts/sonarqube-dce/README.md
index 7d1a36077..ff3fb327c 100644
--- a/charts/sonarqube-dce/README.md
+++ b/charts/sonarqube-dce/README.md
@@ -437,7 +437,7 @@ The following table lists the configurable parameters of the SonarQube chart and
 ### Generic Configuration
 | Parameter | Description | Default |
-| ------------------------ | --------------------------------------------------------------------------------------------------------------------- | ------- |
+| ------------------------ |-----------------------------------------------------------------------------------------------------------------------| ------- |
 | `affinity` | Node / Pod affinities | `{}` |
 | `tolerations` | List of node taints to tolerate | `[]` |
 | `priorityClassName` | Schedule pods on priority (e.g. `high-priority`) | `None` |
@@ -453,6 +453,9 @@ The following table lists the configurable parameters of the SonarQube chart and
 | `noProxy` | No proxy for downloading JMX agent and install plugins, will superseed initContainer specific no proxy variables | `` |
 | `nodeEncryption.enabled` | Secure the communication between Application and Search nodes using TLS | `false` |
 | `ingress-nginx.enabled` | Install Nginx Ingress Helm | `false` |
+| `hostPath.enabled` | Flag for enabling storage with `hostPath` | `false` |
+| `hostPath.path` | Path where the data will be stored with `hostPath` | `""` |
+| `hostPath.type` | `hostPath` volume types | `""` |
 ### NetworkPolicies
diff --git a/charts/sonarqube-dce/templates/sonarqube-application.yaml b/charts/sonarqube-dce/templates/sonarqube-application.yaml
index c25147d84..1f41dcfdb 100644
--- a/charts/sonarqube-dce/templates/sonarqube-application.yaml
+++ b/charts/sonarqube-dce/templates/sonarqube-application.yaml
@@ -490,7 +490,13 @@ spec:
 secretName: {{ .Values.searchNodes.searchAuthentication.keyStoreSecret }}
 {{- end }}
 - name: sonarqube
+ {{- if .Values.hostPath.enabled }}
+ hostPath:
+ path: {{ .Values.hostPath.path }}
+ type: {{ .Values.hostPath.type }}
+ {{- else }}
 emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
+ {{- end }}
 - name : tmp-dir
 emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
 {{- if or .Values.ApplicationNodes.sonarProperties .Values.ApplicationNodes.sonarSecretProperties .Values.sonarSecretKey }}
diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml
index 8e897de14..314d410ff 100644
--- a/charts/sonarqube-dce/values.yaml
+++ b/charts/sonarqube-dce/values.yaml
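Review bot: In the `sonarqube` volume of sonarqube-application.yaml, `path: {{ .Values.hostPath.path }}` and `type: {{ .Values.hostPath.type }}` are rendered unvalidated and unquoted, and the values.yaml hunk ships both keys commented out, so setting only `hostPath.enabled=true` renders a `hostPath` with an empty `path` that is caught, if at all, only when the manifest is applied. I would fail at render time and quote both values: `path: {{ required "hostPath.path is required when hostPath.enabled is true" .Values.hostPath.path | quote }}` and `type: {{ .Values.hostPath.type | default "" | quote }}`. Nothing constrains which node directory is mounted, and the rendered fixture mounts the volume without `readOnly`, so the README rows should state that this exposes part of the node filesystem to the pod and that namespaces enforcing the Pod Security Standards Baseline or Restricted profile will reject it. The same two lines appear in the charts/sonarqube/templates/_pod.tpl hunk. The volumes list this entry belongs to starts outside the hunk.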
@@ -866,3 +866,11 @@ extraConfig:
 # (DEPRECATED) This value is not used in the templates.
 terminationGracePeriodSeconds: 60
+
+# In case you want to specify hostPath for to storage into the host.
+hostPath:
+ enabled: false
+ # Path where the data will be stored.
+ #path: /data/sonarqube/
+ #Type of volume. Must be one of: DirectoryOrCreate, Directory, FileOrCreate, File, Socket, CharDevice, BlockDevice.
+ #type: DirectoryOrCreate
diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
index 89d457885..228ac3590 100644
--- a/charts/sonarqube/CHANGELOG.md
+++ b/charts/sonarqube/CHANGELOG.md
@@ -10,6 +10,7 @@ All changes to this chart will be documented in this file.
 * Remove the default passcode provided with `monitoringPasscode`
 * Support Openshift v4.17
 * Improves editions and versions setting for sonarqube chart
+* Add the possibility of to save the data with hostpath.
 ## [10.8.1]
 * Update Chart's version to 10.8.1
diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md
index e24dcf464..0f58c6439 100644
--- a/charts/sonarqube/README.md
+++ b/charts/sonarqube/README.md
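Review bot: The comment block above `hostPath:` in charts/sonarqube-dce/values.yaml does not tell an operator what enabling the option implies, and "for to storage into the host" is garbled. I would reword it along the lines of `# Store SonarQube data in a directory on the node (hostPath). The data is node-local and the pod gains access to that part of the node filesystem.` and add `# path and type must be set when enabled is true.` The rendered fixture mounts this volume through the `data`, `temp` and `logs` subPaths, so the listed `File`, `FileOrCreate`, `Socket`, `CharDevice` and `BlockDevice` types look unusable here and the comment should probably name only `Directory` and `DirectoryOrCreate`. With `DirectoryOrCreate` the kubelet creates the directory under its own ownership while the app container in the fixture runs as UID 1000, so the comment should also say the directory must be writable for that user; I have not confirmed whether an init container covers this. The identical block in the charts/sonarqube/values.yaml hunk needs the same wording.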
@@ -482,19 +482,22 @@ The following table lists the configurable parameters of the SonarQube chart and
 ### Persistence
-| Parameter | Description | Default |
-| --------------------------- | ------------------------------------------------- | --------------- |
-| `persistence.enabled` | Flag for enabling persistent storage | `false` |
-| `persistence.annotations` | Kubernetes pvc annotations | `{}` |
-| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` |
-| `persistence.storageClass` | Storage class to be used | `""` |
-| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |
-| `persistence.size` | Size of the volume | `5Gi` |
-| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` |
-| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` |
-| `persistence.uid` | UID used for init-fs container | `1000` |
-| `persistence.guid` | GUID used for init-fs container | `0` |
-| `emptyDir` | Configuration of resources for `emptyDir` | `{}` |
+| Parameter | Description | Default |
+|-----------------------------|-----------------------------------------------------|-----------------|
+| `persistence.enabled` | Flag for enabling persistent storage | `false` |
+| `persistence.annotations` | Kubernetes pvc annotations | `{}` |
+| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` |
+| `persistence.storageClass` | Storage class to be used | `""` |
+| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |
+| `persistence.size` | Size of the volume | `5Gi` |
+| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` |
+| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` |
+| `persistence.uid` | UID used for init-fs container | `1000` |
+| `persistence.guid` | GUID used for init-fs container | `0` |
+| `emptyDir` | Configuration of resources for `emptyDir` | `{}` |
+| `hostPath.enabled` | Flag for enabling storage with `hostPath` | `false` |
+| `hostPath.path` | Path where the data will be stored with `hostPath` | `""` |
+| `hostPath.type` | `hostPath` volume types | `""` |
 ### JDBC Overwrite
diff --git a/charts/sonarqube/templates/_pod.tpl b/charts/sonarqube/templates/_pod.tpl
index dc216a80b..051b4fb19 100644
--- a/charts/sonarqube/templates/_pod.tpl
+++ b/charts/sonarqube/templates/_pod.tpl
@@ -474,9 +474,13 @@ spec:
 {{- if .Values.persistence.enabled }}
 persistentVolumeClaim:
 claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "sonarqube.fullname" . }}{{- end }}
+ {{- else if .Values.hostPath.enabled }}
+ hostPath:
+ path: {{ .Values.hostPath.path }}
+ type: {{ .Values.hostPath.type }}
 {{- else }}
 emptyDir: {{- toYaml .Values.emptyDir | nindent 8 }}
- {{- end }}
+ {{- end }}
 - name : tmp-dir
 emptyDir: {{- toYaml .Values.emptyDir | nindent 8 }}
 {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml
index a5b3ddbdb..2005b5f5e 100644
--- a/charts/sonarqube/values.yaml
+++ b/charts/sonarqube/values.yaml
@@ -495,6 +495,15 @@ emptyDir: {}
 # medium: Memory
 # sizeLimit: 16Mi
+# In case you want to specify hostPath for to storage into the host.
+hostPath:
+ enabled: false
+ # Path where the data will be stored.
+ #path: /data/sonarqube/
+ #Type of volume. Must be one of: DirectoryOrCreate, Directory, FileOrCreate, File, Socket, CharDevice, BlockDevice.
+ #type: DirectoryOrCreate
+
+
 # A custom sonar.properties file can be provided via dictionary.
 # For example:
 # sonarProperties:
diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/host-path-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/host-path-values.yaml
new file mode 100644
index 000000000..3aeb19254
--- /dev/null
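Review bot: In the _pod.tpl hunk the new branch is an `else if` under `persistence.enabled`, so a release that sets both `persistence.enabled` and `hostPath.enabled` silently gets the PVC and the hostPath settings are ignored. I would either state that precedence in the README row for `hostPath.enabled` or reject the combination at render time with `{{- if and .Values.persistence.enabled .Values.hostPath.enabled }}{{ fail "persistence.enabled and hostPath.enabled are mutually exclusive" }}{{- end }}`. An operator who believes data is going to a chosen node directory while it is actually on a PVC (or the reverse) is a backup and data-handling surprise worth preventing. The volume entry this conditional belongs to begins above the hunk.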
+++ b/tests/unit-compatibility-test/fixtures/sonarqube-dce/host-path-values.yaml 
@@ -0,0 +1,999 @@ +--- +# Source: sonarqube-dce/templates/pod-disruption-budget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: host-path-values.yaml-sonarqube-dce-search + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +spec: + minAvailable: 2 + + selector: + matchLabels: + sonarqube.datacenter/type: "search" +--- +# Source: sonarqube-dce/templates/pod-disruption-budget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: host-path-values.yaml-sonarqube-dce-app + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +spec: + minAvailable: 1 + + selector: + matchLabels: + sonarqube.datacenter/type: "app" +--- +# Source: sonarqube-dce/charts/postgresql/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + namespace: default +type: Opaque +data: + postgresql-postgres-password: "dG90bw==" + postgresql-password: "c29uYXJQYXNz" +--- +# Source: sonarqube-dce/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: host-path-values.yaml-sonarqube-dce-monitoring-passcode + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +type: Opaque +data: + SONAR_WEB_SYSTEMPASSCODE: "dGVzdA==" +--- +# Source: sonarqube-dce/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: host-path-values.yaml-sonarqube-dce-jwt + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +type: Opaque +data: + SONAR_AUTH_JWTBASE64HS256SECRET: "" +--- +# Source: sonarqube-dce/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: 
host-path-values.yaml-sonarqube-dce-http-proxies + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +type: Opaque +stringData: + PLUGINS-HTTP-PROXY: "" + PLUGINS-HTTPS-PROXY: "" + PLUGINS-NO-PROXY: "" + PROMETHEUS-EXPORTER-HTTP-PROXY: "" + PROMETHEUS-EXPORTER-HTTPS-PROXY: "" + PROMETHEUS-EXPORTER-NO-PROXY: "" +--- +# Source: sonarqube-dce/templates/config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-dce-app-config + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + sonar.properties: | +--- +# Source: sonarqube-dce/templates/config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-dce-search-config + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + sonar.properties: | +--- +# Source: sonarqube-dce/templates/init-fs.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-dce-init-fs + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + init_fs.sh: |- + chown -R 1000:0 /opt/sonarqube/data + chown -R 1000:0 /opt/sonarqube/temp + chown -R 1000:0 /opt/sonarqube/logs +--- +# Source: sonarqube-dce/templates/init-sysctl.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-dce-init-sysctl + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + init_sysctl.sh: |- + set -o errexit + set -o xtrace + vmMaxMapCount=524288 + if [[ "$(sysctl -n vm.max_map_count)" -lt $vmMaxMapCount ]]; then + sysctl -w vm.max_map_count=$vmMaxMapCount + if [[ "$(sysctl -n vm.max_map_count)" -lt $vmMaxMapCount ]]; then + echo "Failed to set initSysctl.vmMaxMapCount"; exit 1 + fi + fi + fsFileMax=131072 + if [[ "$(sysctl 
-n fs.file-max)" -lt $fsFileMax ]]; then + sysctl -w fs.file-max=$fsFileMax + if [[ "$(sysctl -n fs.file-max)" -lt $fsFileMax ]]; then + echo "Failed to set initSysctl.fsFileMax"; exit 1 + fi + fi + nofile=131072 + if [[ "$(ulimit -n)" != "unlimited" ]]; then + if [[ "$(ulimit -n)" -lt $nofile ]]; then + ulimit -n $nofile + if [[ "$(ulimit -n)" -lt $nofile ]]; then + echo "Failed to set initSysctl.nofile"; exit 1 + fi + fi + fi + nproc=8192 + if [[ "$(ulimit -u)" != "unlimited" ]]; then + if [[ "$(ulimit -u)" -lt $nproc ]]; then + ulimit -u $nproc + if [[ "$(ulimit -u)" -lt $nproc ]]; then + echo "Failed to set initSysctl.nproc"; exit 1 + fi + fi + fi +--- +# Source: sonarqube-dce/templates/install-plugins.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-dce-install-plugins + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + install_plugins.sh: |- +--- +# Source: sonarqube-dce/templates/jdbc-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-dce-jdbc-config + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + SONAR_JDBC_USERNAME: "sonarUser" + SONAR_JDBC_URL: "jdbc:postgresql://host-path-values.yaml-postgresql:5432/sonarDB" +--- +# Source: sonarqube-dce/charts/postgresql/templates/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-postgresql-headless + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + 
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + namespace: default +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml +--- +# Source: sonarqube-dce/charts/postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + annotations: + namespace: default +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml + role: primary +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-sonarqube-dce + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm + +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: http + protocol: TCP + name: http + selector: + app: sonarqube-dce + release: host-path-values.yaml +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-sonarqube-dce-headless + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm + +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - port: 9003 + targetPort: hazelcast + protocol: TCP + name: hazelcast + selector: + app: 
sonarqube-dce + release: host-path-values.yaml +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-sonarqube-dce-search + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm + +spec: + type: ClusterIP + ports: + - port: 9001 + targetPort: search-port + protocol: TCP + name: search + - port: 9002 + targetPort: es-port + protocol: TCP + name: es + selector: + app: sonarqube-dce-search + release: host-path-values.yaml +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-sonarqube-dce-search-headless + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm + +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + - port: 9001 + targetPort: search-port + protocol: TCP + name: search + - port: 9002 + targetPort: es-port + protocol: TCP + name: es + selector: + app: sonarqube-dce-search + release: host-path-values.yaml +--- +# Source: sonarqube-dce/templates/sonarqube-application.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: host-path-values.yaml-sonarqube-dce-app + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm + app.kubernetes.io/name: host-path-values.yaml + sonarqube.datacenter/type: "app" + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: sonarqube + app.kubernetes.io/component: host-path-values.yaml-sonarqube-dce + app.kubernetes.io/version: "10.8.1-datacenter-app" +spec: + replicas: 2 + revisionHistoryLimit: + strategy: + type: Recreate + selector: + matchLabels: + app: sonarqube-dce + release: host-path-values.yaml + template: + metadata: + labels: + app: sonarqube-dce + release: host-path-values.yaml + sonarqube.datacenter/type: "app" + annotations: 
+ checksum/plugins: a02bfc5529fa5437e28b9ddbf98c3f83bd5cb92049005be774c7068a19a07826 + checksum/config: fb218c79a91d0b30b3a065fe34e2694fcb1ffa1df84fb8ffd026f68894889ab3 + checksum/secret: fdc4f26d0e6809d7dfc59b72179f694ca8b181fdf7fc462020af940536b4de9c + spec: + automountServiceAccountToken: false + initContainers: + - name: "wait-for-db" + image: sonarqube:10.8.1-datacenter-app + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + resources: + {} + command: ["/bin/bash", "-c"] + args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/host-path-values.yaml-postgresql/5432) && exit 0; sleep 2;done; exit 1'] + securityContext: + fsGroup: 0 + containers: + - name: sonarqube-dce + image: sonarqube:10.8.1-datacenter-app + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9000 + protocol: TCP + - name: hazelcast + containerPort: 9003 + protocol: TCP + resources: + limits: + cpu: 800m + ephemeral-storage: 512000M + memory: 4096M + requests: + cpu: 400m + ephemeral-storage: 1536M + memory: 4096M + env: + - name: SONAR_WEB_CONTEXT + value: / + - name: SONAR_WEB_JAVAOPTS + value: "" + - name: SONAR_CE_JAVAOPTS + value: "" + - name: SONAR_LOG_JSONOUTPUT + value: "false" + - name: SONAR_HELM_CHART_VERSION + value: 2025.1.0 + - name: SONAR_CLUSTER_SEARCH_HOSTS + value: "host-path-values.yaml-sonarqube-dce-search" + - name: SONAR_CLUSTER_KUBERNETES + value: "true" + - name: SONAR_CLUSTER_NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SONAR_CLUSTER_HOSTS + value: "host-path-values.yaml-sonarqube-dce-headless" + - name: SONAR_AUTH_JWTBASE64HS256SECRET + valueFrom: + secretKeyRef: + name: "host-path-values.yaml-sonarqube-dce-jwt" + key: SONAR_AUTH_JWTBASE64HS256SECRET + - name: SONAR_JDBC_PASSWORD + valueFrom: + secretKeyRef: + name: 
host-path-values.yaml-postgresql + key: postgresql-password + - name: SONAR_WEB_SYSTEMPASSCODE + valueFrom: + secretKeyRef: + name: host-path-values.yaml-sonarqube-dce-monitoring-passcode + key: SONAR_WEB_SYSTEMPASSCODE + envFrom: + - configMapRef: + name: host-path-values.yaml-sonarqube-dce-jdbc-config + livenessProbe: + exec: + command: + - sh + - -c + - |- + host="$(hostname -i || echo '127.0.0.1')" + wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:9000/api/system/liveness" + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - sh + - -c + - |- + #!/bin/bash + # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING + # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. + host="$(hostname -i || echo '127.0.0.1')" + if wget --no-proxy -qO- http://${host}:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then + exit 0 + fi + exit 1 + failureThreshold: 8 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 1 + startupProbe: + httpGet: + scheme: HTTP + path: /api/system/status + port: http + initialDelaySeconds: 45 + periodSeconds: 10 + failureThreshold: 32 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/sonarqube/data + name: sonarqube + subPath: data + - mountPath: /opt/sonarqube/temp + name: sonarqube + subPath: temp + - mountPath: /opt/sonarqube/logs + name: sonarqube + subPath: logs + - mountPath: /tmp + name: tmp-dir + serviceAccountName: default + volumes: + + - name: install-plugins + configMap: + name: 
host-path-values.yaml-sonarqube-dce-install-plugins + items: + - key: install_plugins.sh + path: install_plugins.sh + - name: sonarqube + hostPath: + path: /data/sonarqube/ + type: DirectoryOrCreate + - name : tmp-dir + emptyDir: + {} +--- +# Source: sonarqube-dce/charts/postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: primary + annotations: + namespace: default +spec: + serviceName: host-path-values.yaml-postgresql-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml + role: primary + template: + metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + role: primary + app.kubernetes.io/component: primary + spec: + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/component: primary + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + automountServiceAccountToken: false + containers: + - name: host-path-values.yaml-postgresql + image: docker.io/bitnami/postgresql:11.14.0-debian-10-r22 + imagePullPolicy: "IfNotPresent" + resources: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + 
runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: host-path-values.yaml-postgresql + key: postgresql-postgres-password + - name: POSTGRES_USER + value: "sonarUser" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: host-path-values.yaml-postgresql + key: postgresql-password + - name: POSTGRES_DB + value: "sonarDB" + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + subPath: + volumes: + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: 
"20Gi" +--- +# Source: sonarqube-dce/templates/sonarqube-search.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: host-path-values.yaml-sonarqube-dce-search + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm + app.kubernetes.io/name: "host-path-values.yaml" + sonarqube.datacenter/type: "search" + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: sonarqube + app.kubernetes.io/component: host-path-values.yaml-sonarqube-dce + app.kubernetes.io/version: "10.8.1-datacenter-search" +spec: + podManagementPolicy : Parallel + replicas: 3 + serviceName: host-path-values.yaml-sonarqube-dce-search + selector: + matchLabels: + app: sonarqube-dce-search + release: host-path-values.yaml + volumeClaimTemplates: + - metadata: + name: host-path-values.yaml-sonarqube-dce + labels: + release: host-path-values.yaml + chart: "sonarqube-dce" + app: "host-path-values.yaml-sonarqube-dce" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "5Gi" + template: + metadata: + labels: + app: sonarqube-dce-search + release: host-path-values.yaml + sonarqube.datacenter/type: "search" + annotations: + checksum/init-sysctl: 6b0fdad9f6453eb55521c209627ad3b1115b6b025ddb0ab691580803c1ac31f2 + checksum/init-fs: eec828b49195ce2b1c154b773615879c2dfebda881d7e284db9850c8877e69f4 + checksum/config: fb218c79a91d0b30b3a065fe34e2694fcb1ffa1df84fb8ffd026f68894889ab3 + checksum/secret: fdc4f26d0e6809d7dfc59b72179f694ca8b181fdf7fc462020af940536b4de9c + spec: + automountServiceAccountToken: false + initContainers: + - name: init-sysctl + image: sonarqube:10.8.1-datacenter-app + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + readOnlyRootFilesystem: true + runAsUser: 0 + resources: + {} + command: ["/bin/bash", + "-e", + "/tmp/scripts/init_sysctl.sh"] + volumeMounts: + - name: init-sysctl + mountPath: /tmp/scripts/ + - name: 
init-fs + image: sonarqube:10.8.1-datacenter-app + imagePullPolicy: IfNotPresent + securityContext: + capabilities: + add: + - CHOWN + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + resources: + {} + command: ["sh", + "-ex", + "/tmp/scripts/init_fs.sh"] + volumeMounts: + - name: init-fs + mountPath: /tmp/scripts/ + - mountPath: /opt/sonarqube/certs + name: "host-path-values.yaml-sonarqube-dce" + subPath: certs + - mountPath: /opt/sonarqube/data + name: "host-path-values.yaml-sonarqube-dce" + subPath: data + - mountPath: /opt/sonarqube/temp + name: "host-path-values.yaml-sonarqube-dce" + subPath: temp + - mountPath: /opt/sonarqube/logs + name: "host-path-values.yaml-sonarqube-dce" + subPath: logs + - mountPath: /tmp + name: tmp-dir + securityContext: + fsGroup: 0 + containers: + - name: sonarqube-dce-search + image: "sonarqube:10.8.1-datacenter-search" + imagePullPolicy: IfNotPresent + ports: + - name: search-port + containerPort: 9001 + protocol: TCP + - name: es-port + containerPort: 9002 + protocol: TCP + resources: + limits: + cpu: 800m + ephemeral-storage: 512000M + memory: 3072M + requests: + cpu: 400m + ephemeral-storage: 1536M + memory: 3072M + env: + - name: SONAR_LOG_JSONOUTPUT + value: "false" + - name: SONAR_CLUSTER_ES_HOSTS + value: "host-path-values.yaml-sonarqube-dce-search-0,host-path-values.yaml-sonarqube-dce-search-1,host-path-values.yaml-sonarqube-dce-search-2," + - name: SONAR_CLUSTER_ES_DISCOVERY_SEED_HOSTS + value: "host-path-values.yaml-sonarqube-dce-search-headless" + - name: SONAR_CLUSTER_NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube search node container is considered live if http call returns 200 + host="$(hostname -i || echo '127.0.0.1')" + if wget --auth-no-challenge --no-proxy -qO- 
"http://${host}:9001/_cluster/health?local=true" | grep -q -e '"status":"green"' -e '"status":"yellow"'; then + exit 0 + fi + exit 1 + initialDelaySeconds: 0 + periodSeconds: 30 + failureThreshold: 6 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube search node container is considered ready if the status of embedded ES is green or yellow + host="$(hostname -i || echo '127.0.0.1')" + if wget --auth-no-challenge --no-proxy -qO- "http://${host}:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"'; then + exit 0 + fi + exit 1 + initialDelaySeconds: 0 + periodSeconds: 30 + failureThreshold: 6 + timeoutSeconds: 1 + startupProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube search node container is considered started if http call returns 200 + host="$(hostname -i || echo '127.0.0.1')" + if wget --auth-no-challenge --no-proxy -qO- "http://${host}:9001/_cluster/health?local=true" | grep -q -e '"status":"green"' -e '"status":"yellow"'; then + exit 0 + fi + exit 1 + initialDelaySeconds: 20 + periodSeconds: 10 + failureThreshold: 24 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/sonarqube/certs + name: "host-path-values.yaml-sonarqube-dce" + subPath: certs + readOnly: true + - mountPath: /opt/sonarqube/data + name: "host-path-values.yaml-sonarqube-dce" + subPath: data + - mountPath: /opt/sonarqube/temp + name: "host-path-values.yaml-sonarqube-dce" + subPath: temp + - mountPath: /opt/sonarqube/logs + name: "host-path-values.yaml-sonarqube-dce" + subPath: logs + - mountPath: /tmp + name: tmp-dir + serviceAccountName: default + volumes: + + - name: init-sysctl + configMap: + name: host-path-values.yaml-sonarqube-dce-init-sysctl + items: + - key: 
init_sysctl.sh + path: init_sysctl.sh + - name: init-fs + configMap: + name: host-path-values.yaml-sonarqube-dce-init-fs + items: + - key: init_fs.sh + path: init_fs.sh + - name: "host-path-values.yaml-sonarqube-dce" + - name : tmp-dir + emptyDir: + {} +--- +# Source: sonarqube-dce/templates/tests/sonarqube-test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "host-path-values.yaml-ui-test" + annotations: + "helm.sh/hook": test-success + labels: + app: sonarqube-dce + chart: sonarqube-dce-2025.1.0 + release: host-path-values.yaml + heritage: Helm +spec: + automountServiceAccountToken: false + containers: + - name: host-path-values.yaml-ui-test + image: "sonarqube:10.8.1-datacenter-app" + imagePullPolicy: IfNotPresent + command: ['wget'] + args: [ + '--retry-connrefused', + '--waitretry=1', + '--timeout=5', + '-t', + '1200', + '-qO-', + 'host-path-values.yaml-sonarqube-dce:9000/api/system/status' + ] + resources: + limits: + cpu: 500m + ephemeral-storage: 1000M + memory: 200M + requests: + cpu: 500m + ephemeral-storage: 100M + memory: 200M + restartPolicy: Never diff --git a/tests/unit-compatibility-test/fixtures/sonarqube/host-path-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube/host-path-values.yaml new file mode 100644 index 000000000..4621e861c --- /dev/null +++ b/tests/unit-compatibility-test/fixtures/sonarqube/host-path-values.yaml 
@@ -0,0 +1,604 @@ +--- +# Source: sonarqube/charts/postgresql/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + namespace: default +type: Opaque +data: + postgresql-postgres-password: "dG90bw==" + postgresql-password: "c29uYXJQYXNz" +--- +# Source: sonarqube/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: host-path-values.yaml-sonarqube-monitoring-passcode + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +type: Opaque +data: + SONAR_WEB_SYSTEMPASSCODE: "dGVzdA==" +--- +# Source: sonarqube/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: host-path-values.yaml-sonarqube-http-proxies + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +type: Opaque +stringData: + PLUGINS-HTTP-PROXY: "" + PLUGINS-HTTPS-PROXY: "" + PLUGINS-NO-PROXY: "" + PROMETHEUS-EXPORTER-HTTP-PROXY: "" + PROMETHEUS-EXPORTER-HTTPS-PROXY: "" + PROMETHEUS-EXPORTER-NO-PROXY: "" +--- +# Source: sonarqube/templates/config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-config + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + sonar.properties: | +--- +# Source: sonarqube/templates/init-sysctl.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-init-sysctl + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + init_sysctl.sh: |- + set -o errexit + set -o xtrace + vmMaxMapCount=524288 + if [[ "$(sysctl -n vm.max_map_count)" -lt $vmMaxMapCount ]]; then + sysctl -w vm.max_map_count=$vmMaxMapCount + if [[ "$(sysctl -n 
vm.max_map_count)" -lt $vmMaxMapCount ]]; then + echo "Failed to set initSysctl.vmMaxMapCount"; exit 1 + fi + fi + fsFileMax=131072 + if [[ "$(sysctl -n fs.file-max)" -lt $fsFileMax ]]; then + sysctl -w fs.file-max=$fsFileMax + if [[ "$(sysctl -n fs.file-max)" -lt $fsFileMax ]]; then + echo "Failed to set initSysctl.fsFileMax"; exit 1 + fi + fi + nofile=131072 + if [[ "$(ulimit -n)" != "unlimited" ]]; then + if [[ "$(ulimit -n)" -lt $nofile ]]; then + ulimit -n $nofile + if [[ "$(ulimit -n)" -lt $nofile ]]; then + echo "Failed to set initSysctl.nofile"; exit 1 + fi + fi + fi + nproc=8192 + if [[ "$(ulimit -u)" != "unlimited" ]]; then + if [[ "$(ulimit -u)" -lt $nproc ]]; then + ulimit -u $nproc + if [[ "$(ulimit -u)" -lt $nproc ]]; then + echo "Failed to set initSysctl.nproc"; exit 1 + fi + fi + fi +--- +# Source: sonarqube/templates/install-plugins.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-install-plugins + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + install_plugins.sh: |- +--- +# Source: sonarqube/templates/jdbc-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: host-path-values.yaml-sonarqube-jdbc-config + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +data: + SONAR_JDBC_USERNAME: "sonarUser" + SONAR_JDBC_URL: "jdbc:postgresql://host-path-values.yaml-postgresql:5432/sonarDB" +--- +# Source: sonarqube/charts/postgresql/templates/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-postgresql-headless + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in 
some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + namespace: default +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml +--- +# Source: sonarqube/charts/postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + annotations: + namespace: default +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml + role: primary +--- +# Source: sonarqube/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: host-path-values.yaml-sonarqube + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: http + protocol: TCP + name: http + selector: + app: sonarqube + release: host-path-values.yaml +--- +# Source: sonarqube/charts/postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: primary + 
annotations: + namespace: default +spec: + serviceName: host-path-values.yaml-postgresql-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml + role: primary + template: + metadata: + name: host-path-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + role: primary + app.kubernetes.io/component: primary + spec: + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/component: primary + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + automountServiceAccountToken: false + containers: + - name: host-path-values.yaml-postgresql + image: docker.io/bitnami/postgresql:11.14.0-debian-10-r22 + imagePullPolicy: "IfNotPresent" + resources: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: host-path-values.yaml-postgresql + key: postgresql-postgres-password + - name: POSTGRES_USER + value: "sonarUser" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: host-path-values.yaml-postgresql + key: postgresql-password + - name: POSTGRES_DB + value: 
"sonarDB" + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + subPath: + volumes: + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "20Gi" +--- +# Source: sonarqube/templates/sonarqube-sts.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: host-path-values.yaml-sonarqube + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm + app.kubernetes.io/name: host-path-values.yaml + app.kubernetes.io/instance: host-path-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: sonarqube + app.kubernetes.io/component: host-path-values.yaml-sonarqube + app.kubernetes.io/version: "24.12.0.100206-community" +spec: + replicas: 1 + revisionHistoryLimit: 10 + serviceName: 
host-path-values.yaml-sonarqube + selector: + matchLabels: + app: sonarqube + release: host-path-values.yaml + template: + metadata: + annotations: + checksum/config: 4792b905ea566b3cd6c2a37c3f31ea507613c7ed228de66d3f18ea11fd4ebcdb + checksum/init-sysctl: aee54b135972935021c3282fa300c7d79a7cfc6ddcd3fdc0ae65e73346d1f247 + checksum/plugins: 0f1d4efbecfbb0a63662c84a6663834da2e82a40f62c66ec352de7068de9cb07 + checksum/secret: 3597182a9bcfaf258a3162bbce55c163fbfbcc8f175b5379e84976fa8a776086 + labels: + app: sonarqube + release: host-path-values.yaml + spec: + automountServiceAccountToken: false + securityContext: + fsGroup: 0 + initContainers: + - name: "wait-for-db" + image: sonarqube:24.12.0.100206-community + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + command: ["/bin/bash", "-c"] + args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/host-path-values.yaml-postgresql/5432) && exit 0; sleep 2;done; exit 1'] + - name: init-sysctl + image: sonarqube:24.12.0.100206-community + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + readOnlyRootFilesystem: true + runAsUser: 0 + command: ["/bin/bash", "-e", "/tmp/scripts/init_sysctl.sh"] + volumeMounts: + - name: init-sysctl + mountPath: /tmp/scripts/ + env: + - name: SONAR_WEB_CONTEXT + value: / + - name: SONAR_WEB_JAVAOPTS + value: "" + - name: SONAR_CE_JAVAOPTS + value: "" + containers: + - name: sonarqube + image: sonarqube:24.12.0.100206-community + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9000 + protocol: TCP + resources: + limits: + cpu: 800m + ephemeral-storage: 512000M + memory: 6144M + requests: + cpu: 400m + ephemeral-storage: 1536M + memory: 2048M + env: + - name: SONAR_HELM_CHART_VERSION + value: 2025.1.0 + - name: SONAR_JDBC_PASSWORD + valueFrom: + secretKeyRef: 
+ name: host-path-values.yaml-postgresql + key: postgresql-password + - name: SONAR_WEB_SYSTEMPASSCODE + valueFrom: + secretKeyRef: + name: host-path-values.yaml-sonarqube-monitoring-passcode + key: SONAR_WEB_SYSTEMPASSCODE + - name: SONAR_WEB_CONTEXT + value: / + - name: SONAR_WEB_JAVAOPTS + value: "" + - name: SONAR_CE_JAVAOPTS + value: "" + envFrom: + - configMapRef: + name: host-path-values.yaml-sonarqube-jdbc-config + livenessProbe: + exec: + command: + - sh + - -c + - | + wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://localhost:9000/api/system/liveness" + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING + # status about migration are added to prevent the node to be kill while SonarQube is upgrading the database. 
+ if wget --no-proxy -qO- http://localhost:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then + exit 0 + fi + exit 1 + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 1 + startupProbe: + httpGet: + scheme: HTTP + path: /api/system/status + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 24 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/sonarqube/data + name: sonarqube + subPath: data + - mountPath: /opt/sonarqube/temp + name: sonarqube + subPath: temp + - mountPath: /opt/sonarqube/logs + name: sonarqube + subPath: logs + - mountPath: /tmp + name: tmp-dir + - mountPath: /opt/sonarqube/extensions + name: sonarqube + subPath: extensions + serviceAccountName: default + volumes: + + - name: init-sysctl + configMap: + name: host-path-values.yaml-sonarqube-init-sysctl + items: + - key: init_sysctl.sh + path: init_sysctl.sh + - name: sonarqube + hostPath: + path: /data/sonarqube/ + type: DirectoryOrCreate + - name : tmp-dir + emptyDir: + {} +--- +# Source: sonarqube/templates/tests/sonarqube-test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "host-path-values.yaml-ui-test" + annotations: + "helm.sh/hook": test-success + labels: + app: sonarqube + chart: sonarqube-2025.1.0 + release: host-path-values.yaml + heritage: Helm +spec: + automountServiceAccountToken: false + containers: + - name: host-path-values.yaml-ui-test + image: "sonarqube:24.12.0.100206-community" + imagePullPolicy: IfNotPresent + command: ['wget'] + args: [ + '--retry-connrefused', + '--waitretry=1', + '--timeout=5', + '-t', + '12', + '-qO-', + 'host-path-values.yaml-sonarqube:9000/api/system/status' + ] + resources: + limits: + cpu: 500m + ephemeral-storage: 1000M + 
memory: 200M
+ requests:
+ cpu: 500m
+ ephemeral-storage: 100M
+ memory: 200M
+ restartPolicy: Never
diff --git a/tests/unit-compatibility-test/sonarqube-dce/host-path-values.yaml b/tests/unit-compatibility-test/sonarqube-dce/host-path-values.yaml
new file mode 100644
index 000000000..29fbb9a07
--- /dev/null
+++ b/tests/unit-compatibility-test/sonarqube-dce/host-path-values.yaml
@@ -0,0 +1,4 @@
+hostPath:
+ enabled: true
+ path: /data/sonarqube/
+ type: DirectoryOrCreate
\ No newline at end of file
diff --git a/tests/unit-compatibility-test/sonarqube/host-path-values.yaml b/tests/unit-compatibility-test/sonarqube/host-path-values.yaml
new file mode 100644
index 000000000..29fbb9a07
--- /dev/null
+++ b/tests/unit-compatibility-test/sonarqube/host-path-values.yaml
@@ -0,0 +1,4 @@
+hostPath:
+ enabled: true
+ path: /data/sonarqube/
+ type: DirectoryOrCreate
\ No newline at end of file
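Review bot: The test values use `type: DirectoryOrCreate` on `/data/sonarqube/` without saying who must own that directory, while the rendered sonarqube fixture mounts it into a container with `runAsUser: 1000` and `runAsNonRoot: true` and shows no init-fs step. A directory the kubelet creates is owned by the kubelet's user with mode 0755, and `fsGroup` is not applied to hostPath volumes, so the data, logs and temp subPaths are probably not writable unless the node is prepared beforehand. I would add a comment above `hostPath:` in both values files (this one and tests/unit-compatibility-test/sonarqube/host-path-values.yaml), e.g. `# node must provide /data/sonarqube/ writable by UID 1000; hostPath volumes are rejected by the Baseline Pod Security Standard`, and consider `type: Directory` so a missing directory fails at pod start instead of being created root-owned. Both files also end without a trailing newline.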