From df0d773655c99fd59c8b9012cb14b77d0e74c7f2 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Tue, 2 Nov 2021 12:52:51 +0100 Subject: [PATCH] Add new chart: Sonarqube (#7819) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Add new chart: Sonarqube Signed-off-by: juan131 * Complete missing parameters and sections Signed-off-by: juan131 * Add ct-values.yaml Signed-off-by: juan131 * Apply suggestions from code review Co-authored-by: Carlos Rodríguez Hernández * Run readme-generator after code review suggestions Signed-off-by: juan131 * Fix typo Signed-off-by: juan131 * Add support to expose metrics Signed-off-by: juan131 * Use port 80 for HTTP port on svc by default Signed-off-by: juan131 * Add Autoscaling parameters Signed-off-by: juan131 * [bitnami/sonarqube] Update components versions 
Signed-off-by: Bitnami Containers Co-authored-by: Carlos Rodríguez Hernández Co-authored-by: Bitnami Containers --- bitnami/sonarqube/.helmignore | 21 + bitnami/sonarqube/Chart.lock | 9 + bitnami/sonarqube/Chart.yaml | 31 + bitnami/sonarqube/README.md | 403 ++++++++ bitnami/sonarqube/ci/ct-values.yaml | 2 + .../ci/values-with-ingress-and-metrics.yaml | 14 + bitnami/sonarqube/templates/NOTES.txt | 101 ++ bitnami/sonarqube/templates/_helpers.tpl | 194 ++++ bitnami/sonarqube/templates/deployment.yaml | 303 ++++++ .../templates/externaldb-secret.yaml | 17 + bitnami/sonarqube/templates/extra-list.yaml | 4 + bitnami/sonarqube/templates/ingress.yaml | 59 ++ .../sonarqube/templates/jmx-configmap.yaml | 17 + .../sonarqube/templates/jmx-metrics-svc.yaml | 29 + .../templates/jmx-servicemonitor.yaml | 48 + bitnami/sonarqube/templates/pvc.yaml | 26 + bitnami/sonarqube/templates/secret.yaml | 22 + .../sonarqube/templates/service-account.yaml | 13 + bitnami/sonarqube/templates/service.yaml | 46 + bitnami/sonarqube/templates/tls-secret.yaml | 44 + bitnami/sonarqube/values.yaml | 859 ++++++++++++++++++ 21 files changed, 2262 insertions(+) create mode 100644 bitnami/sonarqube/.helmignore create mode 100644 bitnami/sonarqube/Chart.lock create mode 100644 bitnami/sonarqube/Chart.yaml create mode 100644 bitnami/sonarqube/README.md create mode 100644 bitnami/sonarqube/ci/ct-values.yaml create mode 100644 bitnami/sonarqube/ci/values-with-ingress-and-metrics.yaml create mode 100644 bitnami/sonarqube/templates/NOTES.txt create mode 100644 bitnami/sonarqube/templates/_helpers.tpl create mode 100644 bitnami/sonarqube/templates/deployment.yaml create mode 100644 bitnami/sonarqube/templates/externaldb-secret.yaml create mode 100644 bitnami/sonarqube/templates/extra-list.yaml create mode 100644 bitnami/sonarqube/templates/ingress.yaml create mode 100644 bitnami/sonarqube/templates/jmx-configmap.yaml create mode 100644 bitnami/sonarqube/templates/jmx-metrics-svc.yaml create mode 100644 
bitnami/sonarqube/templates/jmx-servicemonitor.yaml create mode 100644 bitnami/sonarqube/templates/pvc.yaml create mode 100644 bitnami/sonarqube/templates/secret.yaml create mode 100644 bitnami/sonarqube/templates/service-account.yaml create mode 100644 bitnami/sonarqube/templates/service.yaml create mode 100644 bitnami/sonarqube/templates/tls-secret.yaml create mode 100644 bitnami/sonarqube/values.yaml
diff --git a/bitnami/sonarqube/.helmignore b/bitnami/sonarqube/.helmignore
new file mode 100644
index 0000000000..f0c1319444
--- /dev/null
+++ b/bitnami/sonarqube/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/bitnami/sonarqube/Chart.lock b/bitnami/sonarqube/Chart.lock
new file mode 100644
index 0000000000..b367e0b4fe
--- /dev/null
+++ b/bitnami/sonarqube/Chart.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 10.13.4
+- name: common
+ repository: https://charts.bitnami.com/bitnami
+ version: 1.10.1
+digest: sha256:7f055c695b3bde5ba13ba32a19eaebd0d16dd451a365ea68d3822478589f6c8a
+generated: "2021-11-02T11:06:37.542452396Z"
diff --git a/bitnami/sonarqube/Chart.yaml b/bitnami/sonarqube/Chart.yaml
new file mode 100644
index 0000000000..20057e4d0c
--- /dev/null
+++ b/bitnami/sonarqube/Chart.yaml
@@ -0,0 +1,31 @@
+annotations:
+ category: DeveloperTools
+apiVersion: v2
+appVersion: 9.1.0
+dependencies:
+ - condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 10.x.x
+ - name: common
+ repository: https://charts.bitnami.com/bitnami
+ tags:
+ - bitnami-common
+ version: 1.x.x
+description: SonarQube is an open source quality management platform that analyzes and measures code's technical quality. It enables developers to detect code issues, vulnerabilities, and bugs in early stages.
+engine: gotpl
+home: https://github.com/bitnami/charts/tree/master/bitnami/sonarqube
+icon: https://bitnami.com/assets/stacks/sonarqube/img/sonarqube-stack-220x234.png
+keywords:
+ - sonarqube
+ - code-quality
+ - code-review
+ - static-analysis
+maintainers:
+ - email: containers@bitnami.com
+ name: Bitnami
+name: sonarqube
+sources:
+ - https://github.com/bitnami/bitnami-docker-sonarqube
+ - https://github.com/SonarSource/sonarqube
+version: 0.1.0
diff --git a/bitnami/sonarqube/README.md b/bitnami/sonarqube/README.md
new file mode 100644
index 0000000000..ece47f838b
--- /dev/null
+++ b/bitnami/sonarqube/README.md
@@ -0,0 +1,403 @@ +# SonarQube + +SonarQube is an open source quality management platform that analyzes and measures code's technical quality. It enables developers to detect code issues, vulnerabilities, and bugs in early stages. + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/sonarqube +``` + +## Introduction + +This chart bootstraps an [SonarQube](https://github.com/bitnami/bitnami-docker-sonarqube) cluster on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure +- ReadWriteMany volumes for deployment scaling + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/sonarqubes +``` + +The command deploys SonarQube on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.fullname | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### SonarQube Image parameters + +| Name | Description | Value | +| ------------------- | ---------------------------------------------------- | -------------------- | +| `image.registry` | SonarQube image registry | `docker.io` | +| `image.repository` | SonarQube image repository | `bitnami/sonarqube` | +| `image.tag` | SonarQube image tag (immutable tags are recommended) | `9.1.0-debian-10-r1` | +| `image.pullPolicy` | SonarQube image pull policy | `IfNotPresent` | +| `image.pullSecrets` | SonarQube image pull secrets | `[]` | +| `image.debug` | Enable 
SonarQube image debug mode | `false` | + + +### SonarQube Configuration parameters + +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------- | ------------------ | +| `sonarqubeUsername` | SonarQube username | `user` | +| `sonarqubePassword` | SonarQube user password | `""` | +| `existingSecret` | Name of existing secret containing SonarQube credentials | `""` | +| `sonarqubeEmail` | SonarQube user email | `user@example.com` | +| `minHeapSize` | Minimum heap size for SonarQube | `1024m` | +| `maxHeapSize` | Maximum heap size for SonarQube | `2048m` | +| `startTimeout` | Timeout for the application to start in seconds | `150` | +| `extraProperties` | List of extra properties to be set in the sonar.properties file (key=value format) | `[]` | +| `sonarqubeSkipInstall` | Skip wizard installation | `false` | +| `smtpHost` | SMTP server host | `""` | +| `smtpPort` | SMTP server port | `""` | +| `smtpUser` | SMTP username | `""` | +| `smtpPassword` | SMTP user password | `""` | +| `smtpProtocol` | SMTP protocol | `""` | +| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | Array with extra environment variables to add to SonarQube nodes | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for SonarQube nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for SonarQube nodes | `""` | + + +### SonarQube deployment parameters + +| Name | Description | Value | +| --------------------------------------- | ----------------------------------------------------------------------------------------- | --------------- | +| `replicaCount` | Number of SonarQube replicas to deploy | `1` | +| 
`containerPorts.http` | SonarQube HTTP container port | `9000` | +| `containerPorts.elastic` | SonarQube Elasticsearch container port | `9001` | +| `livenessProbe.enabled` | Enable livenessProbe on SonarQube containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `100` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on SonarQube containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `100` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on SonarQube containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the SonarQube containers | `{}` | +| 
`resources.requests` | The requested resources for the SonarQube containers | `{}` | +| `podSecurityContext.enabled` | Enabled SonarQube pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set SonarQube pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled SonarQube containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set SonarQube containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set SonarQube containers' Security Context runAsNonRoot | `true` | +| `hostAliases` | SonarQube pods host aliases | `[]` | +| `podLabels` | Extra labels for SonarQube pods | `{}` | +| `podAnnotations` | Annotations for SonarQube pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for SonarQube pods assignment | `{}` | +| `nodeSelector` | Node labels for SonarQube pods assignment | `{}` | +| `tolerations` | Tolerations for SonarQube pods assignment | `[]` | +| `updateStrategy.type` | SonarQube statefulset strategy type | `RollingUpdate` | +| `priorityClassName` | SonarQube pods' priorityClassName | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) for SonarQube pods | `""` | +| `lifecycleHooks` | for the SonarQube container(s) to automate configuration before or after startup | `{}` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the SonarQube pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the SonarQube container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the SonarQube pod(s) | `{}` | +| `initContainers` | Add additional init containers to the SonarQube pod(s) | `{}` | + + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `service.type` | SonarQube service type | `LoadBalancer` | +| `service.ports.http` | SonarQube service HTTP port | `80` | +| `service.ports.elastic` | SonarQube service ElasticSearch port | `9001` | +| `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.nodePorts.elastic` | Node port for ElasticSearch | `""` | +| `service.clusterIP` | SonarQube service Cluster IP | `""` | +| `service.loadBalancerIP` | SonarQube service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | SonarQube service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | SonarQube service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for SonarQube service | 
`{}` | +| `service.extraPorts` | Extra ports to expose in SonarQube service (normally used with the `sidecars` value) | `[]` | +| `ingress.enabled` | Enable ingress record generation for SonarQube | `false` | +| `ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.hostname` | Default host for the ingress record | `sonarqube.local` | +| `ingress.path` | Default path for the ingress record | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | + + +### Persistence Parameters + +| Name | Description | Value | +| ------------------------------------------------------ | ----------------------------------------------------------------------------------------------- | ----------------------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `true` | +| `persistence.storageClass` | Persistent Volume storage class | `""` | +| `persistence.accessModes` | Persistent Volume access modes | `[]` | +| `persistence.size` | Persistent 
Volume size | `10Gi` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | +| `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r225` | +| `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | +| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | +| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | + + +### Sysctl Image parameters + +| Name | Description | Value | +| --------------------------- | -------------------------------------------------------- | ----------------------- | +| `sysctl.enabled` | Enable kernel settings modifier image | `true` | +| `sysctl.image.registry` | Bitnami Shell image registry | `docker.io` | +| `sysctl.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | +| `sysctl.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `10-debian-10-r225` | +| `sysctl.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | +| `sysctl.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | +| `sysctl.resources.limits` | The resources limits for the init container | `{}` | +| `sysctl.resources.requests` | The requested resources for the init container | `{}` | + + +### Other Parameters + +| Name 
| Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------- | ------- | +| `rbac.create` | Specifies whether RBAC resources should be created | `false` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `autoscaling.enabled` | Enable Horizontal POD autoscaling for SonarQube | `false` | +| `autoscaling.minReplicas` | Minimum number of SonarQube replicas | `1` | +| `autoscaling.maxReplicas` | Maximum number of SonarQube replicas | `11` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `50` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `50` | + + +### Metrics parameters + +| Name | Description | Value | +| --------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------------- | +| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | +| `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | +| `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.16.1-debian-10-r66` | +| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | +| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.jmx.containerPorts.metrics` | JMX Exporter metrics container port | `10445` | +| `metrics.jmx.resources.limits` | The resources limits for the init container | `{}` | +| `metrics.jmx.resources.requests` | The requested resources for the init container | 
`{}` | +| `metrics.jmx.containerSecurityContext.enabled` | Enabled JMX Exporter containers' Security Context | `true` | +| `metrics.jmx.containerSecurityContext.runAsUser` | Set JMX Exporter containers' Security Context runAsUser | `1001` | +| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set JMX Exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.jmx.whitelistObjectNames` | Allows setting which JMX objects you want to expose to via JMX stats to JMX Exporter | `[]` | +| `metrics.jmx.configuration` | Configuration file for JMX exporter | `""` | +| `metrics.jmx.service.ports.metrics` | JMX Exporter Prometheus port | `10443` | +| `metrics.jmx.service.annotations` | Annotations for the JMX Exporter Prometheus metrics service | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.jmx.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `metrics.serviceMonitor.interval` | How frequently to scrape metrics | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | + + +### PostgreSQL subchart settings + +| Name | Description | Value | +| -------------------------------------- | ---------------------------------------------------------------------------------- | ------------------- | +| `postgresql.enabled` | Deploy PostgreSQL subchart | `true` | +| `postgresql.nameOverride` | Override name of the 
PostgreSQL chart | `""` | +| `postgresql.existingSecret` | Existing secret containing the password of the PostgreSQL chart | `""` | +| `postgresql.postgresqlPassword` | Password for the postgres user of the PostgreSQL chart (auto-generated if not set) | `""` | +| `postgresql.postgresqlUsername` | Username to create when deploying the PostgreSQL chart | `bn_sonarqube` | +| `postgresql.postgresqlDatabase` | Database to create when deploying the PostgreSQL chart | `bitnami_sonarqube` | +| `postgresql.service.port` | PostgreSQL service port | `5432` | +| `postgresql.persistence.enabled` | Use PVCs when deploying the PostgreSQL chart | `true` | +| `postgresql.persistence.existingClaim` | Use an existing PVC when deploying the PostgreSQL chart | `""` | +| `postgresql.persistence.storageClass` | storageClass of the created PVCs | `""` | +| `postgresql.persistence.accessMode` | Access mode of the created PVCs | `ReadWriteOnce` | +| `postgresql.persistence.size` | Size of the created PVCs | `8Gi` | + + +### External Database settings + +| Name | Description | Value | +| --------------------------------- | --------------------------------------------------------------------------------------------------------------- | ----------- | +| `externalDatabase.host` | Host of an external PostgreSQL instance to connect (only if postgresql.enabled=false) | `""` | +| `externalDatabase.user` | User of an external PostgreSQL instance to connect (only if postgresql.enabled=false) | `postgres` | +| `externalDatabase.password` | Password of an external PostgreSQL instance to connect (only if postgresql.enabled=false) | `""` | +| `externalDatabase.existingSecret` | Secret containing the password of an external PostgreSQL instance to connect (only if postgresql.enabled=false) | `""` | +| `externalDatabase.database` | Database inside an external PostgreSQL to connect (only if postgresql.enabled=false) | `sonarqube` | +| `externalDatabase.port` | Port of an external PostgreSQL to connect (only 
if postgresql.enabled=false) | `5432` | + + +The above parameters map to the env variables defined in [bitnami/sonarqube](http://github.com/bitnami/bitnami-docker-sonarqube). For more information please refer to the [bitnami/sonarqube](http://github.com/bitnami/bitnami-docker-sonarqube) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set sonarqubeUsername=admin \ + --set sonarqubePassword=password \ + --set postgresql.postgresqlPassword=secretpassword \ + bitnami/sonarqube +``` + +The above command sets the sonarqube administrator account username and password to `admin` and `password` respectively. Additionally, it sets the PostgreSQL `postgres` user password to `secretpassword`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/sonarqube +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. 
+ +### Default kernel settings + +Currently, SonarQube requires some changes in the kernel of the host machine to work as expected. If those values are not set in the underlying operating system, the SonarQube containers fail to boot with ERROR messages. More information about these requirements can be found in the links below: + +- [File Descriptor requirements](https://www.elastic.co/guide/en/elasticsearch/reference/current/file-descriptors.html) +- [Virtual memory requirements](https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html) + +This chart uses a **privileged** initContainer to change those settings in the Kernel by running: `sysctl -w vm.max_map_count=262144 && sysctl -w fs.file-max=65536`. You can disable the initContainer using the `sysctl.enabled=false` parameter. + +### External database support + +You may want to have SonarQube connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, set the `postgresql.enabled` parameter to `false` and specify the credentials for the external database using the `externalDatabase.*` parameters. + +Refer to the [chart documentation on using an external database](https://docs.bitnami.com/kubernetes/apps/sonarqube/configuration/use-external-database) for more details and an example. + +### Ingress + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/master/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/master/bitnami/contour) you can utilize the ingress controller to serve your application. + +To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. 
The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/sonarqube/configuration/configure-use-ingress/). + +### TLS secrets + +The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/sonarqube/administration/enable-tls/). + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +sonarqube: + extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as SonarQube (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/apps/sonarqube/administration/configure-use-sidecars/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. 
To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+
+## Persistence
+
+The [Bitnami SonarQube](https://github.com/bitnami/bitnami-docker-sonarqube) image stores the SonarQube data and configurations at the `/bitnami/sonarqube` path of the container. Persistent Volume Claims are used to keep the data across deployments. [Learn more about persistence in the chart documentation](https://docs.bitnami.com/kubernetes/apps/sonarqube/configuration/chart-persistence/).
+
+### Adjust permissions of persistent volume mountpoint
+
+As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it.
+
+By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions.
+
+As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. You can enable this initContainer by setting `volumePermissions.enabled` to `true`.
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
diff --git a/bitnami/sonarqube/ci/ct-values.yaml b/bitnami/sonarqube/ci/ct-values.yaml
new file mode 100644
index 0000000000..b738e2a57a
--- /dev/null
+++ b/bitnami/sonarqube/ci/ct-values.yaml
@@ -0,0 +1,2 @@
+service:
+ type: ClusterIP
diff --git a/bitnami/sonarqube/ci/values-with-ingress-and-metrics.yaml b/bitnami/sonarqube/ci/values-with-ingress-and-metrics.yaml
new file mode 100644
index 0000000000..f65870e726
--- /dev/null
+++ b/bitnami/sonarqube/ci/values-with-ingress-and-metrics.yaml
@@ -0,0 +1,14 @@
+# Test values file for generating all of the yaml and check that
+# the rendering is correct
+service:
+ type: ClusterIP
+ingress:
+ enabled: true
+ hostname: sonarqube.local
+volumePermissions:
+ enabled: true
+metrics:
+ jmx:
+ enabled: true
+ serviceMonitor:
+ enabled: true
diff --git a/bitnami/sonarqube/templates/NOTES.txt b/bitnami/sonarqube/templates/NOTES.txt
new file mode 100644
index 0000000000..c6ca4310f1
--- /dev/null
+++ b/bitnami/sonarqube/templates/NOTES.txt
@@ -0,0 +1,101 @@
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+ kubectl get pods --namespace {{ .Release.Namespace }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+ kubectl exec --namespace {{ .Release.Namespace }} -ti -- bash
+
+In order to replicate the container startup scripts execute this command:
+
+ /opt/bitnami/scripts/sonarqube/entrypoint.sh /opt/bitnami/scripts/sonarqube/run.sh
+
+{{- else }}
+{{- $port := .Values.service.ports.http | toString }}
+
+Your SonarQube site can be accessed through the following DNS name from within your cluster:
+
+ {{ include "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} (port {{ $port }})
+
+To access your SonarQube site from outside the cluster follow the steps below:
+
+{{- if .Values.ingress.enabled }}
+
+1. Get the SonarQube URL and associate SonarQube hostname to your cluster external IP:
+
+ export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+ echo "SonarQube URL: http{{ if .Values.ingress.tls }}s{{ end }}://{{ .Values.ingress.hostname }}/"
+ echo "$CLUSTER_IP {{ .Values.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+
+1. Get the SonarQube URL by running these commands:
+
+{{- if contains "NodePort" .Values.service.type }}
+
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "SonarQube URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.service.type }}
+
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo "SonarQube URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ $port }}{{ end }}/"
+
+{{- else if contains "ClusterIP" .Values.service.type }}
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ $port }}:{{ $port }} &
+ echo "SonarQube URL: http://127.0.0.1{{- if ne $port "80" }}:{{ $port }}{{ end }}/"
+
+{{- end }}
+{{- end }}
+
+2. Open a browser and access SonarQube using the obtained URL.
+
+3. Login with the following credentials below:
+
+ echo Username: {{ .Values.sonarqubeUsername }}
+ echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} -o jsonpath="{.data.sonarqube-password}" | base64 --decode)
+
+{{- if .Values.metrics.jmx.enabled }}
+
+You can access the JMX Prometheus metrics following the steps below:
+
+1. Get the JMX Prometheus metrics URL by running:
+
+ kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }} {{ .Values.metrics.jmx.service.ports.metrics }}:{{ .Values.metrics.jmx.service.ports.metrics }} &
+ echo "JMX Prometheus metrics URL: http://127.0.0.1:{{ .Values.metrics.jmx.service.ports.metrics }}/"
+
+2. Open a browser and access JMX Prometheus metrics using the obtained URL.
+
+{{- end }}
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "common.warnings.rollingTag" .Values.sysctl.image }}
+{{- include "sonarqube.validateValues" . }}
+{{- $passwordValidationErrors := list -}}
+{{- if not .Values.existingSecret -}}
+ {{- $secretName := include "sonarqube.secretName" . -}}
+ {{- $requiredSonarQubePassword := dict "valueKey" "sonarqubePassword" "secret" $secretName "field" "sonarqube-password" "context" $ -}}
+ {{- $requiredSonarQubePasswordError := include "common.validations.values.single.empty" $requiredSonarQubePassword -}}
+ {{- $passwordValidationErrors = append $passwordValidationErrors $requiredSonarQubePasswordError -}}
+{{- end }}
+{{- if .Values.postgresql.enabled }}
+ {{- $dbSecretName := include "sonarqube.database.secretName" . -}}
+ {{- $dbPasswordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" $dbSecretName "subchart" true "context" $) -}}
+{{- end }}
+{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}}
diff --git a/bitnami/sonarqube/templates/_helpers.tpl b/bitnami/sonarqube/templates/_helpers.tpl
new file mode 100644
index 0000000000..9e0f4c98df
--- /dev/null
+++ b/bitnami/sonarqube/templates/_helpers.tpl
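Review bot: In the password-validation block at the end of NOTES.txt, `$dbPasswordValidationErrors` is computed inside the `.Values.postgresql.enabled` branch but never appended to `$passwordValidationErrors`, so the result of the PostgreSQL password validation is discarded before `common.errors.upgrade.passwords.empty` is called. Add `{{- $passwordValidationErrors = append $passwordValidationErrors $dbPasswordValidationErrors -}}` before that branch's `{{- end }}`. Separately, the login step reads the secret named by `common.names.fullname`, which is presumably the wrong object when `existingSecret` is set; `include "sonarqube.secretName" .` is already used a few lines further down and would keep the printed command consistent with the secret the pod actually mounts.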
@@ -0,0 +1,194 @@
+{{/*
+Return the proper SonarQube image name
+*/}}
+{{- define "sonarqube.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "sonarqube.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper sysctl image name
+*/}}
+{{- define "sonarqube.sysctl.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.sysctl.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper sysctl image name
+*/}}
+{{- define "sonarqube.metrics.jmx.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.metrics.jmx.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper Container Image Registry Secret Names
+*/}}
+{{- define "sonarqube.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.sysctl.image .Values.metrics.jmx.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sonarqube.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name for PostgreSQL
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "sonarqube.postgresql.fullname" -}}
+{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the Database Hostname
+*/}}
+{{- define "sonarqube.database.host" -}}
+{{- if .Values.postgresql.enabled }}
+ {{- printf "%s" (include "sonarqube.postgresql.fullname" .) -}}
+{{- else -}}
+ {{- .Values.externalDatabase.host | quote -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database Port
+*/}}
+{{- define "sonarqube.database.port" -}}
+{{- if .Values.postgresql.enabled }}
+ {{- printf "5432" -}}
+{{- else -}}
+ {{- .Values.externalDatabase.port -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database Name
+*/}}
+{{- define "sonarqube.database.name" -}}
+{{- if .Values.postgresql.enabled }}
+ {{- printf "%s" .Values.postgresql.postgresqlDatabase -}}
+{{- else -}}
+ {{- .Values.externalDatabase.database | quote -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database User
+*/}}
+{{- define "sonarqube.database.username" -}}
+{{- if .Values.postgresql.enabled }}
+ {{- printf "%s" .Values.postgresql.postgresqlUsername -}}
+{{- else -}}
+ {{- .Values.externalDatabase.user | quote -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Database Secret Name
+*/}}
+{{- define "sonarqube.database.secretName" -}}
+{{- if .Values.postgresql.enabled }}
+ {{- if .Values.postgresql.existingSecret -}}
+ {{- printf "%s" .Values.postgresql.existingSecret -}}
+ {{- else -}}
+ {{- printf "%s" (include "sonarqube.postgresql.fullname" .) -}}
+ {{- end -}}
+{{- else if .Values.externalDatabase.existingSecret -}}
+ {{- printf "%s" .Values.externalDatabase.existingSecret -}}
+{{- else -}}
+ {{- printf "%s-externaldb" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return true if a SonarQube authentication credentials secret object should be created
+*/}}
+{{- define "sonarqube.createSecret" -}}
+{{- if or (not .Values.existingSecret) (and (not .Values.smtpExistingSecret) .Values.smtpPassword) }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the SonarQube Secret Name
+*/}}
+{{- define "sonarqube.secretName" -}}
+{{- if .Values.existingSecret }}
+ {{- printf "%s" (tpl .Values.existingSecret .) -}}
+{{- else -}}
+ {{- printf "%s" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the SMTP Secret Name
+*/}}
+{{- define "sonarqube.smtpSecretName" -}}
+{{- if .Values.smtpExistingSecret }}
+ {{- printf "%s" (tpl .Values.smtpExistingSecret .) -}}
+{{- else -}}
+ {{- printf "%s" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sysctl set a property if less than a given value
+*/}}
+{{- define "sonarqube.sysctl.ifLess" -}}
+CURRENT="$(sysctl -n {{ .key }})"
+DESIRED="{{ .value }}"
+if [[ "$DESIRED" -gt "$CURRENT" ]]; then
+ sysctl -w {{ .key }}={{ .value }}
+fi
+{{- end -}}
+
+{{/*
+Return true if cert-manager required annotations for TLS signed certificates are set in the Ingress annotations
+Ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+*/}}
+{{- define "sonarqube.ingress.certManagerRequest" -}}
+{{ if or (hasKey . "cert-manager.io/cluster-issuer") (hasKey . "cert-manager.io/issuer") }}
+ {{- true -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "sonarqube.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "sonarqube.validateValues.database" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Validate values of SonarQube - Database */}}
+{{- define "sonarqube.validateValues.database" -}}
+{{- if and (not .Values.postgresql.enabled) (or (empty .Values.externalDatabase.host) (empty .Values.externalDatabase.port) (empty .Values.externalDatabase.database)) -}}
+sonarqube: database
+ You disable the PostgreSQL installation but you did not provide the required parameters
+ to use an external database. To use an external database, please ensure you provide
+ (at least) the following values:
+
+ externalDatabase.host=DB_SERVER_HOST
+ externalDatabase.port=DB_SERVER_PORT
+ externalDatabase.database=DB_NAME
+{{- end -}}
+{{- end -}}
diff --git a/bitnami/sonarqube/templates/deployment.yaml b/bitnami/sonarqube/templates/deployment.yaml
new file mode 100644
index 0000000000..d22cbc63cb
--- /dev/null
+++ b/bitnami/sonarqube/templates/deployment.yaml
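Review bot: `sonarqube.database.host`, `sonarqube.database.name` and `sonarqube.database.username` apply `| quote` in their external-database branch, and deployment.yaml quotes the helper output a second time (`value: {{ include "sonarqube.database.host" . | quote }}`), so with `postgresql.enabled=false` the environment variables end up with literal double quotes inside the value. Drop the `| quote` inside the helpers, e.g. `{{- .Values.externalDatabase.host -}}`, as `sonarqube.database.port` already does. In `sonarqube.serviceAccountName` the default `printf "%s-foo"` looks like leftover scaffolding; if service-account.yaml (not visible in this part of the patch) names the object with `common.names.fullname`, the pod would reference a ServiceAccount that does not exist. The comment above `sonarqube.metrics.jmx.image` still says "sysctl image" and should read `Return the proper JMX exporter image name`.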
@@ -0,0 +1,303 @@
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ {{- if .Values.updateStrategy }}
+ strategy: {{- toYaml .Values.updateStrategy | nindent 4 }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ template:
+ metadata:
+ annotations:
+ {{- if (include "sonarqube.createSecret" .) }}
+ checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.metrics.jmx.enabled }}
+ checksum/jmx-configuration: {{ include (print $.Template.BasePath "/jmx-configmap.yaml") . | sha256sum }}
+ {{- end }}
+ {{- if .Values.podAnnotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 8 }}
+ {{- if .Values.podLabels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }}
+ {{- end }}
+ spec:
+ serviceAccountName: {{ include "sonarqube.serviceAccountName" . }}
+ {{- include "sonarqube.imagePullSecrets" . | nindent 6 }}
+ {{- if .Values.hostAliases }}
+ hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
+ {{- else }}
+ affinity:
+ podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }}
+ podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }}
+ nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.schedulerName }}
+ schedulerName: {{ .Values.schedulerName | quote }}
+ {{- end }}
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.initContainers .Values.sysctl.enabled (and .Values.volumePermissions.enabled .Values.persistence.enabled) }}
+ initContainers:
+ {{- if .Values.sysctl.enabled }}
+ ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors)
+ - name: sysctl
+ image: {{ include "sonarqube.sysctl.image" . }}
+ imagePullPolicy: {{ .Values.sysctl.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ {{- include "sonarqube.sysctl.ifLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }}
+ {{- include "sonarqube.sysctl.ifLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }}
+ securityContext:
+ privileged: true
+ {{- if .Values.sysctl.resources }}
+ resources: {{- toYaml .Values.sysctl.resources | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+ - name: volume-permissions
+ image: {{ include "sonarqube.volumePermissions.image" . }}
+ imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+ command:
+ - /bin/bash
+ args:
+ - -ec
+ - |
+ mkdir -p /bitnami/sonarqube
+ chmod 700 /bitnami/sonarqube
+ find /bitnami/sonarqube -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R {{ .Values.containerSecurityContext.runAsUser}}:{{ .Values.podSecurityContext.fsGroup }}
+ {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.volumePermissions.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.volumePermissions.resources }}
+ resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: data
+ mountPath: /bitnami/sonarqube
+ {{- end }}
+ {{- if .Values.initContainers }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: sonarqube
+ image: {{ include "sonarqube.image" . }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ {{- else if .Values.command }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else if .Values.args }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }}
+ {{- end }}
+ env:
+ - name: BITNAMI_DEBUG
+ value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+ - name: SONARQUBE_SKIP_BOOTSTRAP
+ value: {{ ternary "yes" "no" .Values.sonarqubeSkipInstall | quote }}
+ - name: SONARQUBE_USERNAME
+ value: {{ .Values.sonarqubeUsername | quote }}
+ - name: SONARQUBE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "sonarqube.secretName" . }}
+ key: sonarqube-password
+ - name: SONARQUBE_EMAIL
+ value: {{ .Values.sonarqubeEmail | quote }}
+ {{- if .Values.minHeapSize }}
+ - name: SONARQUBE_MIN_HEAP_SIZE
+ value: {{ .Values.minHeapSize | quote }}
+ {{- end }}
+ {{- if .Values.maxHeapSize }}
+ - name: SONARQUBE_MAX_HEAP_SIZE
+ value: {{ .Values.maxHeapSize | quote }}
+ {{- end }}
+ - name: SONARQUBE_START_TIMEOUT
+ value: {{ .Values.startTimeout | quote }}
+ - name: SONARQUBE_DATABASE_HOST
+ value: {{ include "sonarqube.database.host" . | quote }}
+ - name: SONARQUBE_DATABASE_PORT_NUMBER
+ value: {{ include "sonarqube.database.port" . | quote }}
+ - name: SONARQUBE_DATABASE_NAME
+ value: {{ include "sonarqube.database.name" . | quote }}
+ - name: SONARQUBE_DATABASE_USER
+ value: {{ include "sonarqube.database.username" . | quote }}
+ - name: SONARQUBE_DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "sonarqube.database.secretName" . }}
+ key: postgresql-password
+ {{- if .Values.smtpHost }}
+ - name: SONARQUBE_SMTP_HOST
+ value: {{ .Values.smtpHost | quote }}
+ {{- end }}
+ {{- if .Values.smtpPort }}
+ - name: SONARQUBE_SMTP_PORT
+ value: {{ .Values.smtpPort | quote }}
+ {{- end }}
+ {{- if .Values.smtpUser }}
+ - name: SONARQUBE_SMTP_USER
+ value: {{ .Values.smtpUser | quote }}
+ {{- end }}
+ {{- if or .Values.smtpPassword .Values.smtpExistingSecret }}
+ - name: SONARQUBE_SMTP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "sonarqube.smtpSecretName" . }}
+ key: smtp-password
+ {{- end }}
+ {{- if .Values.smtpProtocol }}
+ - name: SONARQUBE_SMTP_PROTOCOL
+ value: {{ .Values.smtpProtocol | quote }}
+ {{- end }}
+ - name: SONARQUBE_PORT_NUMBER
+ value: {{ .Values.containerPorts.http | quote }}
+ - name: SONARQUBE_ELASTICSEARCH_PORT_NUMBER
+ value: {{ .Values.containerPorts.elastic | quote }}
+ {{- if .Values.extraProperties }}
+ - name: SONARQUBE_EXTRA_PROPERTIES
+ value: {{ join "," .Values.extraProperties | quote }}
+ {{- end }}
+ {{- if .Values.metrics.jmx.enabled }}
+ - name: SONARQUBE_WEB_JAVA_ADD_OPTS
+ value: "-Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=10443 -Dcom.sun.management.jmxremote.rmi.port=10444"
+ {{- end }}
+ {{- if .Values.extraEnvVars }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ {{- if .Values.extraEnvVarsCM }}
+ - configMapRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }}
+ {{- end }}
+ {{- if .Values.extraEnvVarsSecret }}
+ - secretRef:
+ name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }}
+ {{- end }}
+ {{- if .Values.resources }}
+ resources: {{- toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ ports:
+ - name: http
+ containerPort: {{ .Values.containerPorts.http }}
+ - name: elastic
+ containerPort: {{ .Values.containerPorts.elastic }}
+ {{- if not .Values.diagnosticMode.enabled }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- else if .Values.customLivenessProbe }}
+ livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled") "context" $) | nindent 12 }}
+ httpGet:
+ path: /
+ port: http
+ {{- else if .Values.customReadinessProbe }}
+ readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.startupProbe.enabled }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled") "context" $) | nindent 12 }}
+ tcpSocket:
+ port: http
+ {{- else if .Values.customStartupProbe }}
+ startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.lifecycleHooks }}
+ lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /bitnami/sonarqube
+ name: data
+ {{- if .Values.extraVolumeMounts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }}
+ {{- end }}
+ {{- if .Values.metrics.jmx.enabled }}
+ - name: jmx-exporter
+ image: {{ include "sonarqube.metrics.jmx.image" . }}
+ imagePullPolicy: {{ .Values.metrics.jmx.image.pullPolicy | quote }}
+ {{- if .Values.metrics.jmx.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.metrics.jmx.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.diagnosticMode.enabled }}
+ command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+ args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+ {{- else }}
+ command:
+ - java
+ - -XX:+UnlockExperimentalVMOptions
+ - -XX:+UseCGroupMemoryLimitForHeap
+ - -XX:MaxRAMFraction=1
+ - -XshowSettings:vm
+ - -jar
+ - jmx_prometheus_httpserver.jar
+ - {{ .Values.metrics.jmx.containerPorts.metrics | quote }}
+ - /etc/jmx/sonarqube-prometheus.yml
+ {{- end }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.metrics.jmx.containerPorts.metrics }}
+ {{- if .Values.metrics.jmx.resources }}
+ resources: {{- toYaml .Values.metrics.jmx.resources | nindent 12 }}
+ {{- end }}
+ volumeMounts:
+ - name: jmx-config
+ mountPath: /etc/jmx
+ {{- end }}
+ {{- if .Values.sidecars }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: data
+ {{- if .Values.persistence.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ (tpl .Values.persistence.existingClaim .) | default (include "common.names.fullname" .) }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.metrics.jmx.enabled }}
+ - name: jmx-config
+ configMap:
+ name: {{ printf "%s-jmx-conf" (include "common.names.fullname" .) }}
+ {{- end }}
+ {{- if .Values.extraVolumes }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }}
+ {{- end }}
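Review bot: When `metrics.jmx.enabled` is set, the `SONARQUBE_WEB_JAVA_ADD_OPTS` entry turns on remote JMX on ports 10443/10444 with `authenticate=false` and `ssl=false` and no bind address, so the management interface accepts connections without credentials from anything that can route to the pod IP, not only from the `jmx-exporter` sidecar; an unauthenticated JMX endpoint gives a client management control over the JVM. Because the exporter runs in the same pod, restrict the listener to loopback by appending `-Dcom.sun.management.jmxremote.host=127.0.0.1 -Djava.rmi.server.hostname=127.0.0.1` to the value; this assumes the exporter configuration in values.yaml, which is not visible here, connects over localhost. If the port has to stay reachable, the README should state that a NetworkPolicy is required whenever metrics are enabled. The two port numbers are hard-coded in this string rather than taken from values, which deserves a comment next to the env entry such as `## JMX ports are fixed; they must match metrics.jmx.configuration`.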
diff --git a/bitnami/sonarqube/templates/externaldb-secret.yaml b/bitnami/sonarqube/templates/externaldb-secret.yaml
new file mode 100644
index 0000000000..b788c31f0b
--- /dev/null
+++ b/bitnami/sonarqube/templates/externaldb-secret.yaml
@@ -0,0 +1,17 @@
+{{- if and (not .Values.postgresql.enabled) (not .Values.externalDatabase.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-externaldb" (include "common.names.fullname" .) }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ postgresql-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/extra-list.yaml b/bitnami/sonarqube/templates/extra-list.yaml
new file mode 100644
index 0000000000..9ac65f9e16
--- /dev/null
+++ b/bitnami/sonarqube/templates/extra-list.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/ingress.yaml b/bitnami/sonarqube/templates/ingress.yaml
new file mode 100644
index 0000000000..d9f1233c61
--- /dev/null
+++ b/bitnami/sonarqube/templates/ingress.yaml
@@ -0,0 +1,59 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.ingress.annotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.ingressClassName (include "common.ingress.supportsIngressClassname" .) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ {{- end }}
+ rules:
+ {{- if .Values.ingress.hostname }}
+ - host: {{ .Values.ingress.hostname }}
+ http:
+ paths:
+ {{- if .Values.ingress.extraPaths }}
+ {{- toYaml .Values.ingress.extraPaths | nindent 10 }}
+ {{- end }}
+ - path: {{ .Values.ingress.path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+ pathType: {{ .Values.ingress.pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- range .Values.ingress.extraHosts }}
+ - host: {{ .name | quote }}
+ http:
+ paths:
+ - path: {{ default "/" .path }}
+ {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+ pathType: {{ default "ImplementationSpecific" .pathType }}
+ {{- end }}
+ backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+ {{- end }}
+ {{- if or (and .Values.ingress.tls (or (include "sonarqube.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned)) .Values.ingress.extraTls }}
+ tls:
+ {{- if and .Values.ingress.tls (or (include "sonarqube.ingress.certManagerRequest" .Values.ingress.annotations) .Values.ingress.selfSigned) }}
+ - hosts:
+ - {{ .Values.ingress.hostname | quote }}
+ secretName: {{ printf "%s-tls" .Values.ingress.hostname }}
+ {{- end }}
+ {{- if .Values.ingress.extraTls }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/jmx-configmap.yaml b/bitnami/sonarqube/templates/jmx-configmap.yaml
new file mode 100644
index 0000000000..a8e033f267
--- /dev/null
+++ b/bitnami/sonarqube/templates/jmx-configmap.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.metrics.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ printf "%s-jmx-conf" (include "common.names.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ sonarqube-prometheus.yml: |-
+ {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.jmx.configuration "context" $ ) | nindent 4 }}
+{{- end -}}
diff --git a/bitnami/sonarqube/templates/jmx-metrics-svc.yaml b/bitnami/sonarqube/templates/jmx-metrics-svc.yaml
new file mode 100644
index 0000000000..03b0f286a5
--- /dev/null
+++ b/bitnami/sonarqube/templates/jmx-metrics-svc.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.metrics.jmx.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.metrics.jmx.service.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.metrics.jmx.service.annotations }}
+ {{ include "common.tplvalues.render" ( dict "value" .Values.metrics.jmx.service.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: metrics
+ port: {{ .Values.metrics.jmx.service.ports.metrics }}
+ protocol: TCP
+ targetPort: metrics
+ selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/jmx-servicemonitor.yaml b/bitnami/sonarqube/templates/jmx-servicemonitor.yaml
new file mode 100644
index 0000000000..e4ebf2ef72
--- /dev/null
+++ b/bitnami/sonarqube/templates/jmx-servicemonitor.yaml
@@ -0,0 +1,48 @@
+{{- if and .Values.metrics.jmx.enabled .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ printf "%s-jmx-metrics" (include "common.names.fullname" .) }}
+ {{- if .Values.metrics.serviceMonitor.namespace }}
+ namespace: {{ .Values.metrics.serviceMonitor.namespace }}
+ {{- end }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.serviceMonitor.labels }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.labels "context" $) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.metrics.serviceMonitor.jobLabel }}
+ jobLabel: {{ .Values.metrics.serviceMonitor.jobLabel }}
+ {{- end }}
+ endpoints:
+ - port: metrics
+ path: /
+ {{- if .Values.metrics.serviceMonitor.interval }}
+ interval: {{ .Values.metrics.serviceMonitor.interval }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.scrapeTimeout }}
+ scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.metricRelabelings }}
+ metricRelabelings: {{ toYaml .Values.metrics.serviceMonitor.metricRelabelings | nindent 8 }}
+ {{- end }}
+ {{- if .Values.metrics.serviceMonitor.relabelings }}
+ relabelings: {{ toYaml .Values.metrics.serviceMonitor.relabelings | nindent 8 }}
+ {{- end }}
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . 
| nindent 6 }}
+ app.kubernetes.io/component: metrics
+ {{- if .Values.metrics.serviceMonitor.selector }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/pvc.yaml b/bitnami/sonarqube/templates/pvc.yaml
new file mode 100644
index 0000000000..3a47ea08b8
--- /dev/null
+++ b/bitnami/sonarqube/templates/pvc.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- range .Values.persistence.accessModes }}
+ - {{ . | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 2 }}
+ {{- if .Values.persistence.dataSource }}
+ dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.dataSource "context" $) | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/secret.yaml b/bitnami/sonarqube/templates/secret.yaml
new file mode 100644
index 0000000000..79fbe3f8e8
--- /dev/null
+++ b/bitnami/sonarqube/templates/secret.yaml
@@ -0,0 +1,22 @@
+{{- if (include "sonarqube.createSecret" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: Opaque
+data:
+ {{- if not .Values.existingSecret }}
+ sonarqube-password: {{ default (randAlphaNum 10) .Values.sonarqubePassword | b64enc | quote }}
+ {{- end }}
+ {{- if and .Values.smtpPassword (not .Values.smtpExistingSecret) }}
+ smtp-password: {{ .Values.smtpPassword | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/bitnami/sonarqube/templates/service-account.yaml b/bitnami/sonarqube/templates/service-account.yaml
new file mode 100644
index 0000000000..df617310c4
--- /dev/null
+++ b/bitnami/sonarqube/templates/service-account.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "sonarqube.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
diff --git a/bitnami/sonarqube/templates/service.yaml b/bitnami/sonarqube/templates/service.yaml
new file mode 100644
index 0000000000..a76fe8ea83
--- /dev/null
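Review bot: In secret.yaml, `sonarqube-password` is rendered with `default (randAlphaNum 10) .Values.sonarqubePassword`, so when no password is supplied a fresh random value is produced on every render and a `helm upgrade` rewrites the Secret, while the application presumably keeps the password it was first installed with. Reading the stored value back through Helm's `lookup` of the existing Secret, and falling back to `randAlphaNum` only on first install, would keep the two in step; a longer random string than 10 alphanumeric characters is also cheap for an admin credential. The self-signed branch of tls-secret.yaml has the same shape, since `genCA` and `genSignedCert` run on every render and each upgrade therefore issues a new CA and key. If the behaviour stays, a comment above the line such as `# regenerated on every render unless sonarqubePassword or existingSecret is set` would document it.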
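Review bot: The ServiceAccount manifest in service-account.yaml is rendered unconditionally, although values.yaml in this patch defines `serviceAccount.create`. With `serviceAccount.create=false` the chart would still try to create an object named by `sonarqube.serviceAccountName` (defined outside this hunk, so its result is inferred), which can collide with the pre-existing account the operator meant to reuse. Wrapping the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}` would make the template honour the documented parameter.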
+++ b/bitnami/sonarqube/templates/service.yaml 
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.names.fullname" . }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }}
+ {{- end }}
+ {{- if eq .Values.service.type "LoadBalancer" }}
+ loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - name: http
+ port: {{ .Values.service.ports.http }}
+ protocol: TCP
+ targetPort: http
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }}
+ nodePort: {{ .Values.service.nodePorts.http }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ - name: elastic
+ port: {{ .Values.service.ports.elastic }}
+ protocol: TCP
+ targetPort: elastic
+ {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.elastic)) }}
+ nodePort: {{ .Values.service.nodePorts.elastic }}
+ {{- else if eq .Values.service.type "ClusterIP" }}
+ nodePort: null
+ {{- end }}
+ {{- if .Values.service.extraPorts }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }}
+ {{- end }}
+ 
selector: {{- include "common.labels.matchLabels" . | nindent 4 }}
diff --git a/bitnami/sonarqube/templates/tls-secret.yaml b/bitnami/sonarqube/templates/tls-secret.yaml
new file mode 100644
index 0000000000..89cfba4b65
--- /dev/null
+++ b/bitnami/sonarqube/templates/tls-secret.yaml
@@ -0,0 +1,44 @@
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ $.Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $ca := genCA "sonarqube-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- end }}
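Review bot: The `elastic` port is published on the same Service as `http` in service.yaml, and values.yaml in this patch defaults `service.type` to `LoadBalancer`, so a default install offers the Elasticsearch port on the external load balancer next to the web UI. Unless outside access to it is intended, it belongs on a separate ClusterIP Service or behind a value that is off by default. In the same hunk, `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the Go list form, which with more than one CIDR renders as `[a b]` and is read by YAML as a single entry, so the intended source restriction would not apply as written. `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}` renders it as a YAML list.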
diff --git a/bitnami/sonarqube/values.yaml b/bitnami/sonarqube/values.yaml
new file mode 100644
index 0000000000..2376615b4f
--- /dev/null
+++ b/bitnami/sonarqube/values.yaml
@@ -0,0 +1,859 @@ +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.fullname +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## + enabled: false + ## @param diagnosticMode.command Command to override all containers in the deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section SonarQube Image parameters + +## Bitnami SonarQube image +## ref: https://hub.docker.com/r/bitnami/sonarqube/tags/ +## @param image.registry SonarQube image registry +## @param image.repository 
SonarQube image repository +## @param image.tag SonarQube image tag (immutable tags are recommended) +## @param image.pullPolicy SonarQube image pull policy +## @param image.pullSecrets SonarQube image pull secrets +## @param image.debug Enable SonarQube image debug mode +## +image: + registry: docker.io + repository: bitnami/sonarqube + tag: 9.1.0-debian-10-r41 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false + +## @section SonarQube Configuration parameters +## SonarQube settings based on environment variables +## ref: https://github.com/bitnami/bitnami-docker-sonarqube#environment-variables +## @param sonarqubeUsername SonarQube username +## +sonarqubeUsername: user +## @param sonarqubePassword SonarQube user password +## Defaults to a random 10-character alphanumeric string if not set +## +sonarqubePassword: "" +## @param existingSecret Name of existing secret containing SonarQube credentials +## NOTE: Must contain key `sonarqube-password` +## NOTE: When it's set, the `sonarqubePassword` parameter is ignored +## +existingSecret: "" +## @param sonarqubeEmail SonarQube user email +## +sonarqubeEmail: user@example.com +## @param minHeapSize Minimum heap size for SonarQube +## +minHeapSize: 1024m +## @param maxHeapSize Maximum heap size for SonarQube +## +maxHeapSize: 2048m +## @param startTimeout Timeout for the application to start in seconds +## +startTimeout: 150 +## @param extraProperties List of extra properties to be set in the sonar.properties file (key=value format) 
+## e.g: +## extraProperties: +## - my.sonar.property1=property_value1 +## - my.sonar.property2=property_value2 +## +extraProperties: [] +## @param sonarqubeSkipInstall Skip wizard installation +## NOTE: useful if you use an external database that already contains SonarQube data +## ref: https://github.com/bitnami/bitnami-docker-sonarqube#connect-sonarqube-container-to-an-existing-database +## +sonarqubeSkipInstall: false +## SMTP mail delivery configuration +## ref: https://github.com/bitnami/bitnami-docker-sonarqube/#smtp-configuration +## @param smtpHost SMTP server host +## @param smtpPort SMTP server port +## @param smtpUser SMTP username +## @param smtpPassword SMTP user password +## @param smtpProtocol SMTP protocol +## +smtpHost: "" +smtpPort: "" +smtpUser: "" +smtpPassword: "" +smtpProtocol: "" +## @param smtpExistingSecret The name of an existing secret with SMTP credentials +## NOTE: Must contain key `smtp-password` +## NOTE: When it's set, the `smtpPassword` parameter is ignored +## +smtpExistingSecret: "" +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param extraEnvVars Array with extra environment variables to add to SonarQube nodes +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for SonarQube nodes +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for SonarQube nodes +## +extraEnvVarsSecret: "" + +## @section SonarQube deployment parameters + +## @param replicaCount Number of SonarQube replicas to deploy +## NOTE: ReadWriteMany PVC(s) are required if replicaCount > 1 +## +replicaCount: 1 +## @param containerPorts.http SonarQube HTTP container port +## @param containerPorts.elastic SonarQube Elasticsearch container port +## 
+containerPorts: + http: 9000 + elastic: 9001 +## Configure extra options for SonarQube containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on SonarQube containers +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + initialDelaySeconds: 100 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe on SonarQube containers +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: true + initialDelaySeconds: 100 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 +## @param startupProbe.enabled Enable startupProbe on SonarQube containers +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + initialDelaySeconds: 
30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 15 + successThreshold: 1 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## SonarQube resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.limits The resources limits for the SonarQube containers +## @param resources.requests [object] The requested resources for the SonarQube containers +## +resources: + limits: {} + requests: + cpu: 100m + memory: 2048Mi +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled SonarQube pods' Security Context +## @param podSecurityContext.fsGroup Set SonarQube pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Configure Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param containerSecurityContext.enabled Enabled SonarQube containers' Security Context +## @param containerSecurityContext.runAsUser Set SonarQube containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set SonarQube containers' Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true +## @param hostAliases SonarQube pods host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podLabels Extra labels for SonarQube pods +## ref: 
https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for SonarQube pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for SonarQube pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for SonarQube pods assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for SonarQube pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param updateStrategy.type SonarQube statefulset strategy type +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate +## @param priorityClassName SonarQube pods' priorityClassName +## +priorityClassName: "" +## @param schedulerName Name of the k8s scheduler (other than default) for SonarQube pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param lifecycleHooks for the SonarQube container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraVolumes Optionally specify extra list of additional volumes for the SonarQube pod(s) +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the SonarQube container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the SonarQube pod(s) +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: {} +## @param initContainers Add additional init containers to the SonarQube pod(s) +## ref: 
https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'echo "hello world"'] +## +initContainers: {} + +## @section Traffic Exposure Parameters + +## SonarQube service parameters +## +service: + ## @param service.type SonarQube service type + ## + type: LoadBalancer + ## @param service.ports.http SonarQube service HTTP port + ## @param service.ports.elastic SonarQube service ElasticSearch port + ## + ports: + http: 80 + elastic: 9001 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## @param service.nodePorts.elastic Node port for ElasticSearch + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + elastic: "" + ## @param service.clusterIP SonarQube service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP SonarQube service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges SonarQube service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy SonarQube service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for SonarQube service + ## + annotations: {} + ## @param service.extraPorts Extra ports to expose in SonarQube service (normally used with the `sidecars` value) + ## + extraPorts: [] +## SonarQube ingress parameters +## ref: 
http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## @param ingress.enabled Enable ingress record generation for SonarQube + ## + enabled: false + ## @param ingress.pathType Ingress path type + ## + pathType: ImplementationSpecific + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster. + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: sonarqube.local + ## @param ingress.path Default path for the ingress record + ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers + ## + path: / + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
+ ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Relay on cert-manager to create it by setting the corresponding annotations + ## - Relay on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: sonarqube.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - sonarqube.local + ## secretName: sonarqube.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're using cert-manager, this is unneeded, as 
it will create a secret for you with valid certificates + ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + ## e.g: + ## secrets: + ## - name: sonarqube.local-tls + ## key: |- + ## -----BEGIN RSA PRIVATE KEY----- + ## ... + ## -----END RSA PRIVATE KEY----- + ## certificate: |- + ## -----BEGIN CERTIFICATE----- + ## ... + ## -----END CERTIFICATE----- + ## + secrets: [] + +## @section Persistence Parameters + +## Persistence Parameters +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + ## @param persistence.enabled Enable persistence using Persistent Volume Claims + ## + enabled: true + ## @param persistence.storageClass Persistent Volume storage class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is set, choosing the default provisioner + ## + storageClass: "" + ## @param persistence.accessModes [array] Persistent Volume access modes + ## + accessModes: + - ReadWriteOnce + ## @param persistence.size Persistent Volume size + ## + size: 10Gi + ## @param persistence.dataSource Custom PVC data source + ## + dataSource: {} + ## @param persistence.existingClaim The name of an existing PVC to use for persistence + ## + existingClaim: "" +## 'volumePermissions' init container parameters +## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values +## based on the *podSecurityContext/*containerSecurityContext parameters +## +volumePermissions: + ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` + ## + enabled: false + ## Bitnami Shell image + ## ref: 
https://hub.docker.com/r/bitnami/bitnami-shell/tags/ + ## @param volumePermissions.image.registry Bitnami Shell image registry + ## @param volumePermissions.image.repository Bitnami Shell image repository + ## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended) + ## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy + ## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets + ## + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r239 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Init container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## @param volumePermissions.resources.limits The resources limits for the init container + ## @param volumePermissions.resources.requests The requested resources for the init container + ## + resources: + limits: {} + requests: {} + ## Init container Container Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) + ## + containerSecurityContext: + runAsUser: 0 + +## @section Sysctl Image parameters + +## Kernel settings modifier image +## +sysctl: + ## @param sysctl.enabled Enable kernel settings 
modifier image
+ ##
+ enabled: true
+ ## Bitnami Shell image
+ ## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/
+ ## @param sysctl.image.registry Bitnami Shell image registry
+ ## @param sysctl.image.repository Bitnami Shell image repository
+ ## @param sysctl.image.tag Bitnami Shell image tag (immutable tags are recommended)
+ ## @param sysctl.image.pullPolicy Bitnami Shell image pull policy
+ ## @param sysctl.image.pullSecrets Bitnami Shell image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/bitnami-shell
+ tag: 10-debian-10-r239
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## Init container's resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param sysctl.resources.limits The resources limits for the init container
+ ## @param sysctl.resources.requests The requested resources for the init container
+ ##
+ resources:
+ limits: {}
+ requests: {}
+
+## @section Other Parameters
+
+## RBAC configuration
+##
+rbac:
+ ## @param rbac.create Specifies whether RBAC resources should be created
+ ##
+ create: false
+## ServiceAccount configuration
+##
+serviceAccount:
+ ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
+ ##
+ automountServiceAccountToken: false
+## SonarQube Autoscaling configuration
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+## @param autoscaling.enabled Enable Horizontal POD autoscaling for SonarQube
+## @param autoscaling.minReplicas Minimum number of SonarQube replicas
+## @param autoscaling.maxReplicas Maximum number of SonarQube replicas
+## @param autoscaling.targetCPU Target CPU utilization percentage
+## @param autoscaling.targetMemory Target Memory utilization percentage
+##
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 11
+ targetCPU: 50
+ targetMemory: 50
+
+## @section Metrics parameters
+
+## Prometheus Exporters / Metrics
+##
+metrics:
+ ## Prometheus JMX Exporter: exposes the majority of SonarQube metrics
+ ##
+ jmx:
+ ## @param metrics.jmx.enabled Whether or not to expose JMX metrics to Prometheus
+ ##
+ enabled: false
+ ## Bitnami JMX exporter image
+ ## ref: https://hub.docker.com/r/bitnami/jmx-exporter/tags/
+ ## @param metrics.jmx.image.registry JMX exporter image registry
+ ## @param metrics.jmx.image.repository JMX exporter image repository
+ ## @param metrics.jmx.image.tag JMX exporter image tag (immutable tags are recommended)
+ ## @param metrics.jmx.image.pullPolicy JMX exporter image pull policy
+ ## @param metrics.jmx.image.pullSecrets Specify docker-registry secret names as an array
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/jmx-exporter
+ tag: 0.16.1-debian-10-r108
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+ ## @param metrics.jmx.containerPorts.metrics JMX Exporter metrics container port
+ ##
+ containerPorts:
+ metrics: 10445
+ ## Prometheus JMX Exporter' resource requests and limits
+ ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ ## @param metrics.jmx.resources.limits The resources limits for the init container
+ ## @param metrics.jmx.resources.requests The requested resources for the init container
+ ##
+ resources:
+ limits: {}
+ requests: {}
+ ## Configure Container Security Context
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ ## @param metrics.jmx.containerSecurityContext.enabled Enabled JMX Exporter containers' Security Context
+ ## @param metrics.jmx.containerSecurityContext.runAsUser Set JMX Exporter containers' Security Context runAsUser
+ ## @param metrics.jmx.containerSecurityContext.runAsNonRoot Set JMX Exporter containers' Security Context runAsNonRoot
+ ##
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsNonRoot: true
+ ## @param metrics.jmx.whitelistObjectNames [array] Allows setting which JMX objects you want to expose to via JMX stats to JMX Exporter
+ ## Only whitelisted values will be exposed via JMX Exporter. They must also be exposed via Rules. To expose all metrics
+ ## (warning its crazy excessive and they aren't formatted in a prometheus style) (1) `whitelistObjectNames: []`
+ ## (2) commented out above `overrideConfig`.
+ ##
+ whitelistObjectNames:
+ - java.lang:*
+ - SonarQube:*
+ - Tomcat:*
+ ## @param metrics.jmx.configuration [string] Configuration file for JMX exporter
+ ## Specify content for jmx-sonarqube-prometheus.yml.
Evaluated as a template
+ ##
+ configuration: |-
+ jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:10443/jmxrmi
+ lowercaseOutputName: true
+ lowercaseOutputLabelNames: true
+ ssl: false
+ {{- if .Values.metrics.jmx.whitelistObjectNames }}
+ whitelistObjectNames: ["{{ join "\",\"" .Values.metrics.jmx.whitelistObjectNames }}"]
+ {{- end }}
+ rules:
+ - pattern: java.lang<(.+)>(\w+)
+ name: java_lang_$1_$4_$3_$2
+ - pattern: java.lang<>(\w+)
+ name: java_lang_$1_$3_$2
+ - pattern: java.lang
+ - pattern: SonarQube<>(\w+)
+ name: sonarqube_$1_$2
+ - pattern: Tomcat<>(\w+)
+ name: tomcat_$1_$3_$2
+ ## Service configuration
+ ##
+ service:
+ ## @param metrics.jmx.service.ports.metrics JMX Exporter Prometheus port
+ ##
+ ports:
+ metrics: 10443
+ ## @param metrics.jmx.service.annotations [object] Annotations for the JMX Exporter Prometheus metrics service
+ ##
+ annotations:
+ prometheus.io/scrape: "true"
+ prometheus.io/port: "{{ .Values.metrics.jmx.service.ports.metrics }}"
+ prometheus.io/path: "/"
+ ## Prometheus Operator ServiceMonitor configuration
+ ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+ ##
+ serviceMonitor:
+ ## @param metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.jmx.enabled` to be `true`)
+ ##
+ enabled: false
+ ## @param metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+ ##
+ namespace: ""
+ ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+ ##
+ labels: {}
+ ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+ ##
+ jobLabel: ""
+ ## @param metrics.serviceMonitor.interval How frequently to scrape metrics
+ ## e.g:
+ ## interval: 10s
+ ##
+ interval: ""
+ ## @param metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+ ## e.g:
+ ## scrapeTimeout: 10s
+ ##
+ scrapeTimeout: ""
+ ## @param
metrics.serviceMonitor.metricRelabelings [array] Specify additional relabeling of metrics
+ ##
+ metricRelabelings: []
+ ## @param metrics.serviceMonitor.relabelings [array] Specify general relabeling
+ ##
+ relabelings: []
+ ## @param metrics.serviceMonitor.selector Prometheus instance selector labels
+ ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration
+ ##
+ selector: {}
+
+## @section PostgreSQL subchart settings
+
+## PostgreSQL chart configuration
+## https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
+##
+postgresql:
+ ## @param postgresql.enabled Deploy PostgreSQL subchart
+ ##
+ enabled: true
+ ## @param postgresql.nameOverride Override name of the PostgreSQL chart
+ ##
+ nameOverride: ""
+ ## @param postgresql.existingSecret Existing secret containing the password of the PostgreSQL chart
+ ##
+ existingSecret: ""
+ ## @param postgresql.postgresqlPassword Password for the postgres user of the PostgreSQL chart (auto-generated if not set)
+ ## ref: https://hub.docker.com/_/postgres/
+ ##
+ postgresqlPassword: ""
+ ## @param postgresql.postgresqlUsername Username to create when deploying the PostgreSQL chart
+ ##
+ postgresqlUsername: bn_sonarqube
+ ## @param postgresql.postgresqlDatabase Database to create when deploying the PostgreSQL chart
+ ##
+ postgresqlDatabase: bitnami_sonarqube
+ ## PostgreSQL service
+ ##
+ service:
+ ## @param postgresql.service.port PostgreSQL service port
+ ##
+ port: 5432
+ ## Enable persistence using Persistent Volume Claims
+ ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ ##
+ persistence:
+ ## @param postgresql.persistence.enabled Use PVCs when deploying the PostgreSQL chart
+ ##
+ enabled: true
+ ## @param postgresql.persistence.existingClaim Use an existing PVC when deploying the PostgreSQL chart
+ ##
+ existingClaim: ""
+ ## @param postgresql.persistence.storageClass storageClass of the created PVCs
+ ## postgresql data
Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ storageClass: ""
+ ## @param postgresql.persistence.accessMode Access mode of the created PVCs
+ ##
+ accessMode: ReadWriteOnce
+ ## @param postgresql.persistence.size Size of the created PVCs
+ ##
+ size: 8Gi
+
+## @section External Database settings
+
+## External Database Configuration
+## All of these values are only used when postgresql.enabled is set to false
+##
+externalDatabase:
+ ## @param externalDatabase.host Host of an external PostgreSQL instance to connect (only if postgresql.enabled=false)
+ ##
+ host: ""
+ ## @param externalDatabase.user User of an external PostgreSQL instance to connect (only if postgresql.enabled=false)
+ ##
+ user: postgres
+ ## @param externalDatabase.password Password of an external PostgreSQL instance to connect (only if postgresql.enabled=false)
+ ##
+ password: ""
+ ## @param externalDatabase.existingSecret Secret containing the password of an external PostgreSQL instance to connect (only if postgresql.enabled=false)
+ ## Name of an existing secret resource containing the DB password in a 'postgresql-password' key
+ ##
+ existingSecret: ""
+ ## @param externalDatabase.database Database inside an external PostgreSQL to connect (only if postgresql.enabled=false)
+ ##
+ database: sonarqube
+ ## @param externalDatabase.port Port of an external PostgreSQL to connect (only if postgresql.enabled=false)
+ ##
+ port: 5432