디렉토리 구조 및 각 서비스 추가

dsk-minchulahn
2024-01-03 17:29:11 +09:00
parent 98de2a7627
commit d601d0f259
1632 changed files with 207616 additions and 1 deletions


@@ -0,0 +1,22 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http://{{ .name }}
{{- end }}
{{- else if .Values.route.enabled }}
export ROUTE_HOST=$(kubectl get route {{ template "sonarqube.name" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.host}")
echo https://$ROUTE_HOST
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "sonarqube.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ template "sonarqube.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "sonarqube.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "sonarqube.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }}
{{- end }}


@@ -0,0 +1,199 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "sonarqube.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "sonarqube.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name (include "sonarqube.name" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified mysql/postgresql name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Determine the hostname to use for PostgreSQL/mySQL.
*/}}
{{- define "postgresql.hostname" -}}
{{- if .Values.postgresql.enabled -}}
{{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" .Values.postgresql.postgresqlServer -}}
{{- end -}}
{{- end -}}
{{/*
Determine the k8s secret containing the JDBC credentials
*/}}
{{- define "jdbc.secret" -}}
{{- if .Values.postgresql.enabled -}}
{{- if .Values.postgresql.existingSecret -}}
{{- .Values.postgresql.existingSecret -}}
{{- else -}}
{{- template "postgresql.fullname" . -}}
{{- end -}}
{{- else if .Values.jdbcOverwrite.enable -}}
{{- if .Values.jdbcOverwrite.jdbcSecretName -}}
{{- .Values.jdbcOverwrite.jdbcSecretName -}}
{{- else -}}
{{- template "sonarqube.fullname" . -}}
{{- end -}}
{{- else -}}
{{- template "sonarqube.fullname" . -}}
{{- end -}}
{{- end -}}
{{/*
Determine JDBC username
*/}}
{{- define "jdbc.username" -}}
{{- if and .Values.postgresql.enabled .Values.postgresql.postgresqlUsername -}}
{{- .Values.postgresql.postgresqlUsername | quote -}}
{{- else if and .Values.jdbcOverwrite.enable .Values.jdbcOverwrite.jdbcUsername -}}
{{- .Values.jdbcOverwrite.jdbcUsername | quote -}}
{{- else -}}
{{- .Values.postgresql.postgresqlUsername -}}
{{- end -}}
{{- end -}}
{{/*
Determine the k8s secretKey contrining the JDBC password
*/}}
{{- define "jdbc.secretPasswordKey" -}}
{{- if .Values.postgresql.enabled -}}
{{- if and .Values.postgresql.existingSecret .Values.postgresql.existingSecretPasswordKey -}}
{{- .Values.postgresql.existingSecretPasswordKey -}}
{{- else -}}
{{- "postgresql-password" -}}
{{- end -}}
{{- else if .Values.jdbcOverwrite.enable -}}
{{- if and .Values.jdbcOverwrite.jdbcSecretName .Values.jdbcOverwrite.jdbcSecretPasswordKey -}}
{{- .Values.jdbcOverwrite.jdbcSecretPasswordKey -}}
{{- else -}}
{{- "jdbc-password" -}}
{{- end -}}
{{- else -}}
{{- "jdbc-password" -}}
{{- end -}}
{{- end -}}
{{/*
Determine JDBC password if internal secret is used
*/}}
{{- define "jdbc.internalSecretPasswd" -}}
{{- if .Values.jdbcOverwrite.enable -}}
{{- .Values.jdbcOverwrite.jdbcPassword | b64enc | quote -}}
{{- else -}}
{{- .Values.postgresql.postgresqlPassword | b64enc | quote -}}
{{- end -}}
{{- end -}}
{{/*
Set sonarqube.jvmOpts
*/}}
{{- define "sonarqube.jvmOpts" -}}
{{- $tempJvm := .Values.jvmOpts -}}
{{- if and .Values.sonarProperties (hasKey (.Values.sonarProperties) "sonar.web.javaOpts")}}
{{- $tempJvm = (get .Values.sonarProperties "sonar.web.javaOpts") -}}
{{- else if .Values.env -}}
{{- range $index, $val := .Values.env -}}
{{- if eq $val.name "SONAR_WEB_JAVAOPTS" -}}
{{- $tempJvm = $val.value -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and .Values.caCerts.enabled .Values.prometheusExporter.enabled -}}
{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-config.yaml -Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.webBeanPort) .Values.sonarqubeFolder .Values.sonarqubeFolder $tempJvm | trim | quote }}
{{- else if .Values.caCerts.enabled -}}
{{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder $tempJvm | trim | quote }}
{{- else if .Values.prometheusExporter.enabled -}}
{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-config.yaml %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.webBeanPort) .Values.sonarqubeFolder $tempJvm | trim | quote }}
{{- else -}}
{{ printf "%s" $tempJvm }}
{{- end -}}
{{- end -}}
{{/*
Set sonarqube.jvmCEOpts
*/}}
{{- define "sonarqube.jvmCEOpts" -}}
{{- $tempJvm := .Values.jvmCeOpts -}}
{{- if and .Values.sonarProperties (hasKey (.Values.sonarProperties) "sonar.ce.javaOpts")}}
{{- $tempJvm = (get .Values.sonarProperties "sonar.ce.javaOpts") -}}
{{- else if .Values.env -}}
{{- range $index, $val := .Values.env -}}
{{- if eq $val.name "SONAR_CE_JAVAOPTS" -}}
{{- $tempJvm = $val.value -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- if and .Values.caCerts.enabled .Values.prometheusExporter.enabled -}}
{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-ce-config.yaml -Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.ceBeanPort) .Values.sonarqubeFolder .Values.sonarqubeFolder $tempJvm | trim | quote }}
{{- else if .Values.caCerts.enabled -}}
{{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder $tempJvm | trim | quote }}
{{- else if .Values.prometheusExporter.enabled -}}
{{ printf "-javaagent:%s/data/jmx_prometheus_javaagent.jar=%d:%s/conf/prometheus-ce-config.yaml %s" .Values.sonarqubeFolder (int .Values.prometheusExporter.ceBeanPort) .Values.sonarqubeFolder $tempJvm | trim | quote }}
{{- else -}}
{{ printf "%s" $tempJvm }}
{{- end -}}
{{- end -}}
{{/*
Set prometheusExporter.downloadURL
*/}}
{{- define "prometheusExporter.downloadURL" -}}
{{- if .Values.prometheusExporter.downloadURL -}}
{{ printf "%s" .Values.prometheusExporter.downloadURL }}
{{- else -}}
{{ printf "https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/%s/jmx_prometheus_javaagent-%s.jar" .Values.prometheusExporter.version .Values.prometheusExporter.version }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "sonarqube.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "sonarqube.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Set sonarqube.webcontext, ensuring it starts and ends with a slash, in order to ease probes url template
*/}}
{{- define "sonarqube.webcontext" -}}
{{- $tempWebcontext := .Values.sonarWebContext -}}
{{- if and .Values.sonarProperties (hasKey (.Values.sonarProperties) "sonar.web.context") -}}
{{- $tempWebcontext = (get .Values.sonarProperties "sonar.web.context") -}}
{{- end -}}
{{- range $index, $val := .Values.env -}}
{{- if eq $val.name "SONAR_WEB_CONTEXT" -}}
{{- $tempWebcontext = $val.value -}}
{{- end -}}
{{- end -}}
{{- if not (hasPrefix "/" $tempWebcontext) -}}
{{- $tempWebcontext = print "/" $tempWebcontext -}}
{{- end -}}
{{- if not (hasSuffix "/" $tempWebcontext) -}}
{{- $tempWebcontext = print $tempWebcontext "/" -}}
{{- end -}}
{{ printf "%s" $tempWebcontext }}
{{- end -}}
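Review bot: The fall-through branch of `jdbc.username` emits `.Values.postgresql.postgresqlUsername` without `quote`, while the two branches above it quote the value, so `SONAR_JDBC_USERNAME` in the jdbc-config ConfigMap is rendered quoted or unquoted depending on the path taken; I would make the last branch `{{- .Values.postgresql.postgresqlUsername | quote -}}`. The final `else` of `sonarqube.jvmOpts` and `sonarqube.jvmCEOpts` has the same asymmetry (`printf "%s" $tempJvm` against `| trim | quote` in the other branches), and `sonarqube.fullname` skips `trimSuffix "-"` when `fullnameOverride` is set. In the doc comments, "contrining" above `jdbc.secretPasswordKey` should read "containing", and the "mysql/postgresql" wording describes helpers that only ever build a PostgreSQL name.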


@@ -0,0 +1,82 @@
{{- if .Values.account }}
{{- if or .Values.account.adminPassword .Values.account.adminPasswordSecretName}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ template "sonarqube.fullname" . }}-change-admin-password-hook
labels:
app: {{ template "sonarqube.name" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
{{- range $key, $value := .Values.service.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-delete-policy": hook-succeeded
{{- range $key, $value := .Values.adminJobAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
template:
metadata:
name: {{ template "sonarqube.fullname" . }}-change-admin-password-hook
labels:
app: {{ template "sonarqube.name" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
{{- range $key, $value := .Values.service.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
restartPolicy: OnFailure
{{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
imagePullSecrets:
{{- if .Values.image.pullSecret }}
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.image.pullSecrets }}
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "sonarqube.serviceAccountName" . }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
containers:
- name: {{ template "sonarqube.fullname" . }}-change-default-admin-password
image: {{ default "curlimages/curl:8.2.0" .Values.curlContainerImage }}
{{- if $securityContext := .Values.account.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
command: ["sh", "-c", 'until curl -v --connect-timeout 100 {{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}{{ .Values.account.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status | grep -w UP; do sleep 10; done; curl -v --connect-timeout 100 -u admin:$CURRENT_ADMIN_PASSWORD -X POST "{{ template "sonarqube.fullname" . }}:{{ default 9000 .Values.service.internalPort }}{{ .Values.account.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/users/change_password?login=admin&previousPassword=$CURRENT_ADMIN_PASSWORD&password=$ADMIN_PASSWORD"']
env:
- name: ADMIN_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.account.adminPassword }}
name: {{ template "sonarqube.fullname" . }}-admin-password
{{- else }}
name: {{ .Values.account.adminPasswordSecretName }}
{{- end }}
key: password
- name: CURRENT_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.account.adminPassword }}
name: {{ template "sonarqube.fullname" . }}-admin-password
{{- else }}
name: {{ .Values.account.adminPasswordSecretName }}
{{- end }}
key: currentPassword
resources:
{{ toYaml (default .Values.resources .Values.account.resources) | indent 10 }}
{{- end }}
{{- end }}
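Review bot: The second curl in `command` puts both passwords into the request URL (`?login=admin&previousPassword=$CURRENT_ADMIN_PASSWORD&password=$ADMIN_PASSWORD`) and runs with `-v`, so the request line and the Basic `Authorization` header are written to the Job pod's log. The variables are also expanded unquoted and unencoded, so a password containing `&`, `#` or a space changes the request that is sent. I would drop `-v` from that call and send the fields in the body, e.g. `curl --connect-timeout 100 -u "admin:$CURRENT_ADMIN_PASSWORD" --data-urlencode "login=admin" --data-urlencode "previousPassword=$CURRENT_ADMIN_PASSWORD" --data-urlencode "password=$ADMIN_PASSWORD" "<same URL without the query string>"`; SonarQube's web API should accept the parameters form-encoded, but confirm that against the deployed version. The `hook-succeeded` delete policy removes the Job afterwards, yet anything a log collector has already shipped stays.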


@@ -0,0 +1,20 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-config
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
sonar.properties: |
{{- range $key, $val := .Values.sonarProperties }}
{{ $key }}={{ $val }}
{{- end }}
{{- if not .Values.elasticsearch.bootstrapChecks }}
sonar.es.bootstrap.checks.disable=true
{{- end }}
{{- if .Values.sonarSecretKey }}
sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt
{{- end }}
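Review bot: Every entry of `.Values.sonarProperties` is written verbatim into a ConfigMap by the `{{ $key }}={{ $val }}` loop, so a credential set there (a JDBC or LDAP password, a token) is readable by anyone who may read ConfigMaps in the namespace. The Deployment in this commit already merges a `secret.properties` file from the Secret named by `sonarSecretProperties`, which is the place for such keys. I would say so above the loop, e.g. `{{- /* Clear text: put passwords and tokens in the Secret referenced by sonarSecretProperties, not here. */}}`. Nothing escapes `$val` either, so a value containing a newline adds extra property lines to the file.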


@@ -0,0 +1,482 @@
{{- if eq .Values.deploymentType "Deployment"}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "sonarqube.name" . }}-{{ template "sonarqube.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: sonarqube
app.kubernetes.io/component: {{ template "sonarqube.fullname" . }}
app.kubernetes.io/version: {{ tpl .Values.image.tag . | quote }}
spec:
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
{{- if .Values.deploymentStrategy }}
strategy:
{{ toYaml .Values.deploymentStrategy | indent 4 }}
{{- end }}
template:
metadata:
labels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
{{- with .Values.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/init-sysctl: {{ include (print $.Template.BasePath "/init-sysctl.yaml") . | sha256sum }}
checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.prometheusExporter.enabled }}
checksum/prometheus-config: {{ include (print $.Template.BasePath "/prometheus-config.yaml") . | sha256sum }}
checksum/prometheus-ce-config: {{ include (print $.Template.BasePath "/prometheus-ce-config.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.annotations}}
{{- range $key, $value := .Values.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
imagePullSecrets:
{{- if .Values.image.pullSecret }}
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.image.pullSecrets}}
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{ toYaml .Values.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"]
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.caCerts.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
volumeMounts:
- mountPath: /tmp/certs
name: sonarqube
subPath: certs
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
- name: init-sysctl
image: {{ default "busybox:1.32" .Values.initSysctl.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.initSysctl.resources) | indent 12 }}
command: ["sh",
"-e",
"/tmp/scripts/init_sysctl.sh"]
volumeMounts:
- name: init-sysctl
mountPath: /tmp/scripts/
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- name: concat-properties
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
- -c
- |
#!/bin/sh
if [ -f /tmp/props/sonar.properties ]; then
cat /tmp/props/sonar.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/secret.properties ]; then
cat /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/sonar.properties -a -f /tmp/props/secret.properties ]; then
awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
volumeMounts:
{{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: /tmp/props/sonar.properties
name: config
subPath: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- mountPath: /tmp/props/secret.properties
name: secret-config
subPath: secret.properties
{{- end }}
- mountPath: /tmp/result
name: concat-dir
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: inject-prometheus-exporter
image: {{ default "curlimages/curl:8.2.0" .Values.prometheusExporter.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.prometheusExporter.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.prometheusExporter.resources) | indent 12 }}
command: ["/bin/sh","-c"]
args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if $.Values.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"]
volumeMounts:
- mountPath: /data
name: sonarqube
subPath: data
env:
- name: http_proxy
value: {{ default "" .Values.prometheusExporter.httpProxy }}
- name: https_proxy
value: {{ default "" .Values.prometheusExporter.httpsProxy }}
- name: no_proxy
value: {{ default "" .Values.prometheusExporter.noProxy }}
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.plugins.install }}
- name: install-plugins
image: {{ default "curlimages/curl:8.2.0" .Values.plugins.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh",
"-e",
"/tmp/scripts/install_plugins.sh"]
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
- name: install-plugins
mountPath: /tmp/scripts/
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
mountPath: /root
{{- end }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.plugins.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }}
env:
- name: http_proxy
value: {{ default "" .Values.plugins.httpProxy }}
- name: https_proxy
value: {{ default "" .Values.plugins.httpsProxy }}
- name: no_proxy
value: {{ default "" .Values.plugins.noProxy }}
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
containers:
{{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.internalPort }}
protocol: TCP
{{- if .Values.prometheusExporter.enabled }}
- name: monitoring-web
containerPort: {{ .Values.prometheusExporter.webBeanPort }}
protocol: TCP
- name: monitoring-ce
containerPort: {{ .Values.prometheusExporter.ceBeanPort }}
protocol: TCP
{{- end }}
resources:
{{ toYaml (default .Values.resources .Values.resource) | indent 12 }}
env:
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
- name: SONAR_HELM_CHART_VERSION
value: {{ .Chart.Version | replace "+" "_" }}
- name: SONAR_WEB_JAVAOPTS
value: {{ template "sonarqube.jvmOpts" . }}
- name: SONAR_CE_JAVAOPTS
value: {{ template "sonarqube.jvmCEOpts" . }}
- name: SONAR_WEB_CONTEXT
value: {{ include "sonarqube.webcontext" . }}
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jdbc.secret" . }}
key: {{ template "jdbc.secretPasswordKey" . }}
- name: SONAR_WEB_SYSTEMPASSCODE
valueFrom:
secretKeyRef:
{{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }}
name: {{ .Values.monitoringPasscodeSecretName }}
key: {{ .Values.monitoringPasscodeSecretKey }}
{{- else }}
name: {{ template "sonarqube.fullname" . }}-monitoring-passcode
key: SONAR_WEB_SYSTEMPASSCODE
{{- end }}
envFrom:
- configMapRef:
name: {{ template "sonarqube.fullname" . }}-jdbc-config
{{- range .Values.extraConfig.secrets }}
- secretRef:
name: {{ . }}
{{- end }}
{{- range .Values.extraConfig.configmaps }}
- configMapRef:
name: {{ . }}
{{- end }}
livenessProbe:
exec:
command:
- sh
- -c
- |
host="$(hostname -i || echo '127.0.0.1')"
wget --no-proxy --quiet -O /dev/null --timeout={{ .Values.livenessProbe.timeoutSeconds }} --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/liveness"
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe:
exec:
command:
- sh
- -c
- |
#!/bin/bash
# A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are added to prevent the node to be kill while sonarqube is upgrading the database.
host="$(hostname -i || echo '127.0.0.1')"
if wget --no-proxy -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
exit 0
fi
exit 1
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
startupProbe:
httpGet:
scheme: HTTP
path: {{ .Values.startupProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
{{- if .Values.containerSecurityContext }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.persistence.mounts }}
{{ toYaml .Values.persistence.mounts | indent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- .Values.extraVolumeMounts | toYaml | nindent 12 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/
name: concat-dir
{{- end }}
{{- if .Values.sonarSecretKey }}
- mountPath: {{ .Values.sonarqubeFolder }}/secret/
name: secret
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
{{- if .Values.persistence.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- else if .Values.plugins.install }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- if .Values.prometheusExporter.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-config.yaml
subPath: prometheus-config.yaml
name: prometheus-config
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-ce-config.yaml
subPath: prometheus-ce-config.yaml
name: prometheus-ce-config
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ template "sonarqube.serviceAccountName" . }}
volumes:
{{- if .Values.extraVolumes }}
{{- .Values.extraVolumes | toYaml | nindent 6 }}
{{- end }}
{{- if .Values.persistence.volumes }}
{{ tpl (toYaml .Values.persistence.volumes | indent 6) . }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name: config
configMap:
name: {{ template "sonarqube.fullname" . }}-config
items:
- key: sonar.properties
path: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- name: secret-config
secret:
secretName: {{ .Values.sonarSecretProperties }}
items:
- key: secret.properties
path: secret.properties
{{- end }}
{{- if .Values.sonarSecretKey }}
- name: secret
secret:
secretName: {{ .Values.sonarSecretKey }}
items:
- key: sonar-secret.txt
path: sonar-secret.txt
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
secret:
secretName: {{ .Values.caCerts.secret }}
{{- end }}
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
secret:
secretName: {{ .Values.plugins.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
- name: init-sysctl
configMap:
name: {{ template "sonarqube.fullname" . }}-init-sysctl
items:
- key: init_sysctl.sh
path: init_sysctl.sh
- name: install-plugins
configMap:
name: {{ template "sonarqube.fullname" . }}-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-config
configMap:
name: {{ template "sonarqube.fullname" . }}-prometheus-config
items:
- key: prometheus-config.yaml
path: prometheus-config.yaml
- name: prometheus-ce-config
configMap:
name: {{ template "sonarqube.fullname" . }}-prometheus-ce-config
items:
- key: prometheus-ce-config.yaml
path: prometheus-ce-config.yaml
{{- end }}
- name: sonarqube
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "sonarqube.fullname" . }}{{- end }}
{{- else }}
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
{{- end }}
- name : tmp-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name : concat-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}}
{{- end }}
{{- end }}
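Review bot: The `inject-prometheus-exporter` init container saves a download with `curl -s … --output /data/jmx_prometheus_javaagent.jar`, and the `sonarqube.jvmOpts` / `sonarqube.jvmCEOpts` helpers then load that file with `-javaagent:`, yet nothing verifies what was fetched. Without `-f` an HTTP error page is stored as the jar, and when `prometheusExporter.noCheckCertificate` is set the `--insecure` flag removes the only protection against a substituted file; the same `--insecure` switch is offered on the curl line of install_plugins.sh. I would add `-f`, drop or clearly discourage the `--insecure` option, and compare the file with an expected SHA-256 supplied through values (for example with `sha256sum -c`) before the main container starts. The default images used here (`busybox:1.32`, `curlimages/curl:8.2.0`, `adoptopenjdk/openjdk11:alpine`) are also referenced by tag rather than by digest.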


@@ -0,0 +1,43 @@
{{- if .Values.ingress.enabled -}}
{{- $serviceName := include "sonarqube.fullname" . -}}
{{- $servicePort := .Values.service.externalPort -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.ingress.labels }}
{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}}
{{- end}}
{{- if .Values.ingress.annotations}}
annotations:
{{- range $key, $value := .Values.ingress.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.ingress.ingressClassName }}
ingressClassName: {{ .Values.ingress.ingressClassName }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ printf "%s" .name }}
http:
paths:
- backend:
service:
name: {{ default $serviceName .serviceName }}
port:
number: {{ default $servicePort .servicePort }}
path: {{ .path | default (include "sonarqube.webcontext" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{ toYaml .Values.ingress.tls | indent 4 }}
{{- end -}}
{{- end }}


@@ -0,0 +1,14 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-init-fs
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
init_fs.sh: |-
{{- if .Values.persistence.enabled }}
chown -R {{ .Values.persistence.uid }}: {{ .Values.sonarqubeFolder }}
{{- end }}
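Review bot: `chown -R {{ .Values.persistence.uid }}: {{ .Values.sonarqubeFolder }}` pastes two values into a shell script unquoted, and a recursive chown run as root acts on whatever path results; a folder value containing a space would change ownership of unintended paths. install_plugins.sh has the same pattern in `rm -f {{ .Values.sonarqubeFolder }}/extensions/plugins/*`, which becomes `/extensions/plugins/*` when the value is empty. I would quote both and fail the render on an empty folder, e.g. `chown -R "{{ .Values.persistence.uid }}:" {{ required "sonarqubeFolder must be set" .Values.sonarqubeFolder | quote }}`.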


@@ -0,0 +1,37 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-init-sysctl
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
init_sysctl.sh: |-
{{- if .Values.initSysctl.vmMaxMapCount }}
if [[ "$(sysctl -n vm.max_map_count)" -lt {{ .Values.initSysctl.vmMaxMapCount }} ]]; then
sysctl -w vm.max_map_count={{ .Values.initSysctl.vmMaxMapCount }}
fi
{{- end }}
{{- if .Values.initSysctl.fsFileMax }}
if [[ "$(sysctl -n fs.file-max)" -lt {{ .Values.initSysctl.fsFileMax }} ]]; then
sysctl -w fs.file-max={{ .Values.initSysctl.fsFileMax }}
fi
{{- end }}
{{- if .Values.initSysctl.nofile }}
if [[ "$(ulimit -n)" != "unlimited" ]]; then
if [[ "$(ulimit -n)" -lt {{ .Values.initSysctl.nofile }} ]]; then
echo "ulimit -n {{ .Values.initSysctl.nofile }}"
ulimit -n {{ .Values.initSysctl.nofile }}
fi
fi
{{- end }}
{{- if .Values.initSysctl.nproc }}
if [[ "$(ulimit -u)" != "unlimited" ]]; then
if [[ "$(ulimit -u)" -lt {{ .Values.initSysctl.nproc }} ]]; then
echo "ulimit -u {{ .Values.initSysctl.nproc }}"
ulimit -u {{ .Values.initSysctl.nproc }}
fi
fi
{{- end }}
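Review bot: `sysctl -w vm.max_map_count` and `sysctl -w fs.file-max` write node-wide kernel settings, so this script only works in a privileged init container and changes the values for every workload on that node; that deserves a comment at the top of the script, along the lines of `# Requires a privileged container; changes node-level sysctls`. The `ulimit -n` and `ulimit -u` blocks only affect the init container's own shell, which exits before SonarQube starts, so they presumably do not raise the limits of the main container. The script also uses `[[ … ]]` while the Deployment runs it with `sh -e`; that works with the default busybox image but not with every `sh`, and `[ … ]` would be portable.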


@@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-install-plugins
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
install_plugins.sh: |-
{{- if .Values.plugins.install }}
rm -f {{ .Values.sonarqubeFolder }}/extensions/plugins/*
cd {{ .Values.sonarqubeFolder }}/extensions/plugins
{{- range $index, $val := .Values.plugins.install }}
curl {{ if $.Values.plugins.noCheckCertificate }}--insecure{{ end }} {{ if $.Values.plugins.netrcCreds }}--netrc-file /root/.netrc{{ end }} -fsSLO {{ $val | quote }}
{{- end }}
{{- end }}
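Review bot: The `curl` line inside the `range` loop can combine `--insecure` with `--netrc-file /root/.netrc`, which sends the stored repository credentials over a TLS connection whose certificate is not verified. The downloaded jars are also dropped into `extensions/plugins` with no integrity check, so whatever answers the request ends up loaded by SonarQube. I would reject the combination at render time, e.g. `{{- if and .Values.plugins.noCheckCertificate .Values.plugins.netrcCreds }}{{ fail "plugins.noCheckCertificate must not be combined with plugins.netrcCreds" }}{{- end }}`, and prefer mounting the private CA over disabling verification.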


@@ -0,0 +1,16 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-jdbc-config
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
SONAR_JDBC_USERNAME: {{ template "jdbc.username" . }}
{{- if .Values.jdbcOverwrite.enable }}
SONAR_JDBC_URL: {{ .Values.jdbcOverwrite.jdbcUrl | trim | quote }}
{{- else if and .Values.postgresql.service.port .Values.postgresql.postgresqlDatabase }}
SONAR_JDBC_URL: "jdbc:postgresql://{{ template "postgresql.hostname" . }}:{{- .Values.postgresql.service.port -}}/{{- .Values.postgresql.postgresqlDatabase -}}"
{{- end }}
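Review bot: `SONAR_JDBC_URL` in the `jdbcOverwrite.enable` branch is written to a ConfigMap exactly as supplied, so a URL that carries credentials in its query string would be stored outside the Secret that holds the JDBC password. A comment above that line would help: `# jdbcUrl is stored in a ConfigMap; keep credentials out of it`. Separately, `SONAR_JDBC_USERNAME` is rendered unquoted, so a username that YAML reads as a number or boolean would make the ConfigMap invalid; `{{ include "jdbc.username" . | quote }}` avoids that.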


@@ -0,0 +1,114 @@
{{- if .Values.networkPolicy.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ template "sonarqube.fullname" . }}-network-policy
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "sonarqube.name" . }}
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
ports:
- port: {{ .Values.service.internalPort }}
{{ if .Values.prometheusExporter.enabled }}
- from:
- namespaceSelector:
matchLabels:
networking/namespace: {{ .Values.networkPolicy.prometheusNamespace }}
ports:
- port: {{ .Values.prometheusExporter.ceBeanPort }}
protocol: TCP
- port: {{ .Values.prometheusExporter.webBeanPort }}
protocol: TCP
{{ end }}
egress:
- to:
- namespaceSelector:
matchLabels:
networking/namespace: kube-system
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: UDP
{{- if .Values.postgresql.enabled }}
- to:
- podSelector:
matchLabels:
app.kubernetes.io/name: postgresql
ports:
- port: 5432
protocol: TCP
{{- end }}
- to:
- ipBlock:
cidr: 0.0.0.0/0
{{- end -}}
{{ if and .Values.postgresql.enabled .Values.networkPolicy.enabled }}
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ template "sonarqube.fullname" . }}-database
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: postgresql
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: {{ template "sonarqube.name" . }}
ports:
- port: 5432
egress:
- to:
- namespaceSelector: {}
podSelector:
matchLabels:
k8s-app: kube-dns
ports:
- port: 53
protocol: UDP
{{- end }}
{{- if and .Values.networkPolicy.enabled .Values.networkPolicy.additionalNetworkPolicys }}
---
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: {{ template "sonarqube.fullname" . }}-additional-network-policy
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{- with .Values.networkPolicy.additionalNetworkPolicys -}}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end -}}
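Review bot: The last egress rule of the first policy (`ipBlock` with `cidr: 0.0.0.0/0` and no `ports`) lets the SonarQube pods reach any IPv4 destination on any port, which makes the DNS and PostgreSQL egress rules above it redundant and leaves `Egress` in `policyTypes` with little practical effect. If outbound access is needed for plugin downloads or SCM integrations, I would narrow the block with `except:` entries for the cluster's pod and service ranges and the cloud metadata address, or turn the CIDR list into a chart value so that opening it is an explicit operator decision. The DNS rules in both policies allow UDP 53 only; in the database policy, which has no catch-all, DNS over TCP is therefore blocked.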


@@ -0,0 +1,14 @@
{{- if .Values.prometheusExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-prometheus-ce-config
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
prometheus-ce-config.yaml: |-
{{ .Values.prometheusExporter.ceConfig | default .Values.prometheusExporter.config | toYaml | indent 8 }}
{{- end }}


@@ -0,0 +1,14 @@
{{- if .Values.prometheusExporter.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-prometheus-config
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
prometheus-config.yaml: |-
{{ toYaml .Values.prometheusExporter.config | indent 8 }}
{{- end }}


@@ -0,0 +1,37 @@
{{- if .Values.prometheusMonitoring.podMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ template "sonarqube.name" . }}
namespace: {{ .Values.prometheusMonitoring.podMonitor.namespace | quote }}
labels:
app: {{ template "sonarqube.name" . }}
spec:
{{- if .Values.prometheusMonitoring.podMonitor.jobLabel }}
jobLabel: {{ .Values.prometheusMonitoring.podMonitor.jobLabel | quote }}
{{- end }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app: {{ template "sonarqube.name" . }}
podMetricsEndpoints:
- port: http
path: /api/monitoring/metrics
scheme: http
{{- if .Values.prometheusMonitoring.podMonitor.interval }}
interval: {{ .Values.prometheusMonitoring.podMonitor.interval }}
{{- end }}
{{- if .Values.prometheusMonitoring.podMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.prometheusMonitoring.podMonitor.scrapeTimeout }}
{{- end }}
bearerTokenSecret:
{{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }}
name: {{ .Values.monitoringPasscodeSecretName }}
key: {{ .Values.monitoringPasscodeSecretKey }}
{{- else }}
name: {{ template "sonarqube.fullname" . }}-monitoring-passcode
key: SONAR_WEB_SYSTEMPASSCODE
{{- end }}
{{- end }}


@@ -0,0 +1,30 @@
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{ if .Values.persistence.annotations}}
annotations:
{{- range $key, $value := .Values.persistence.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}


@@ -0,0 +1,34 @@
{{- if .Values.route.enabled -}}
{{- $serviceName := include "sonarqube.fullname" . -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.route.labels }}
{{ .Values.route.labels | toYaml | trimSuffix "\n"| indent 4 -}}
{{- end}}
{{- if .Values.route.annotations}}
annotations:
{{- range $key, $value := .Values.route.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.route.host }}
host: {{ .Values.route.host }}
{{- end }}
to:
kind: Service
name: {{ default $serviceName .serviceName }}
port:
targetPort: http
{{- if .Values.route.tls }}
tls:
{{ toYaml .Values.route.tls | indent 4 }}
{{- end -}}
{{- end -}}


@@ -0,0 +1,64 @@
---
{{- if not (or .Values.postgresql.enabled .Values.postgresql.existingSecret .Values.jdbcOverwrite.jdbcSecretName)}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
{{ template "jdbc.secretPasswordKey" . }}: {{ template "jdbc.internalSecretPasswd" . }}
{{- end }}
---
{{- if .Values.monitoringPasscode}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "sonarqube.fullname" . }}-monitoring-passcode
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
SONAR_WEB_SYSTEMPASSCODE: {{ .Values.monitoringPasscode | b64enc | quote }}
{{- end }}
---
{{- if and .Values.monitoringPasscode .Values.prometheusMonitoring.podMonitor.enabled}}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "sonarqube.fullname" . }}-monitoring-passcode
namespace: {{.Values.prometheusMonitoring.podMonitor.namespace}}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
data:
SONAR_WEB_SYSTEMPASSCODE: {{ .Values.monitoringPasscode | b64enc | quote }}
{{- end }}
---
{{- if .Values.account }}
{{- if .Values.account.adminPassword }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "sonarqube.fullname" . }}-admin-password
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
type: Opaque
stringData:
password: {{ .Values.account.adminPassword | urlquery | quote }}
currentPassword: {{ default "admin" .Values.account.currentAdminPassword | urlquery | quote }}
{{- end }}
{{- end }}
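Review bot: The third document (guarded by `and .Values.monitoringPasscode .Values.prometheusMonitoring.podMonitor.enabled`) creates a second Secret with the same name as the one above it and differs only in `namespace`, so when `podMonitor.namespace` equals the release namespace the chart renders the same resource twice and the install will likely fail. It also copies the system passcode into the monitoring namespace, where anyone who can read Secrets there can use it against the endpoints it protects. I would add `(ne .Values.prometheusMonitoring.podMonitor.namespace .Release.Namespace)` to the condition and note the exposure in a comment above the document. The `namespace:` value on that document is also unquoted, unlike the `| quote` used in the PodMonitor template.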


@@ -0,0 +1,42 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- range $key, $value := .Values.service.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{ if .Values.service.annotations}}
annotations:
{{- range $key, $value := .Values.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.externalPort }}
targetPort: http
protocol: TCP
name: http
{{- if .Values.service.nodePort }}
nodePort: {{ .Values.service.nodePort }}
{{- end }}
selector:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
{{- if eq .Values.service.type "LoadBalancer"}}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{- range .Values.service.loadBalancerSourceRanges }}
- {{ . }}
{{- end }}
{{- end -}}
{{- if .Values.service.loadBalancerIP}}
loadBalancerIP: {{.Values.service.loadBalancerIP}}
{{- end }}
{{- end }}


@@ -0,0 +1,16 @@
{{- if .Values.serviceAccount.create -}}
---
apiVersion: v1
kind: ServiceAccount
metadata:
{{- if .Values.serviceAccount.name }}
name: {{ .Values.serviceAccount.name }}
{{- else }}
name: {{ include "sonarqube.fullname" . }}
{{- end }}
{{- if .Values.serviceAccount.annotations }}
annotations:
{{ toYaml .Values.serviceAccount.annotations | indent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountToken | default "false" }}
{{- end -}}


@@ -0,0 +1,63 @@
{{- if and (.Values.OpenShift.enabled) (.Values.OpenShift.createSCC) }}
# This SCC allows any user ID but restricts capabilties and host access
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "allows pod to run as root, privileged and run sysctl"
"helm.sh/hook": pre-install
name: {{ .Release.Name }}-privileged-scc
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegedContainer: true
allowPrivilegeEscalation: true
allowedCapabilities: []
allowedFlexVolumes: []
allowedUnsafeSysctls: []
defaultAddCapabilities: []
defaultAllowPrivilegeEscalation: true
fsGroup:
type: RunAsAny
readOnlyRootFilesystem: false
requiredDropCapabilities:
- KILL
- MKNOD
- SETUID
- SETGID
runAsUser:
type: RunAsAny
# This can be customized for your host machine
seLinuxContext:
type: MustRunAs
# seLinuxOptions:
# level:
# user:
# role:
# type:
supplementalGroups:
type: RunAsAny
# This can be customized for your host machine
volumes:
- configMap
- downwardAPI
- emptyDir
- persistentVolumeClaim
- projected
- secret
# If you want a priority on your SCC -- set for a value more than 0
priority: 11
users:
{{- if .Values.serviceAccount.name }}
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount.name }}
{{- else }}
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-sonarqube
{{- end }}
{{- if .Values.postgresql.securityContext.enabled }}
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}-postgresql
{{- end }}
{{- end }}
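Review bot: The header comment says this SCC "restricts capabilties and host access", but `allowPrivilegedContainer: true`, `allowPrivilegeEscalation: true` and `runAsUser: RunAsAny` let any container of the listed service accounts run privileged as root, and a privileged container is generally not constrained by `requiredDropCapabilities`. Because the SCC is bound to the SonarQube service account (and to PostgreSQL's when `postgresql.securityContext.enabled` is set), it covers the long-running application container as well, not only the sysctl init container. I would correct the comment to `# This SCC allows privileged containers and any user ID; it only blocks host namespaces, host ports and hostPath volumes` and document that setting the kernel parameters on the nodes lets `createSCC` stay off. The fallback user `{{ .Release.Name }}-sonarqube` is hard-coded while the ServiceAccount template names the account with `sonarqube.fullname`, so the two may not match when the name is overridden.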


@@ -0,0 +1,531 @@
{{- if eq .Values.deploymentType "StatefulSet"}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "sonarqube.name" . }}-{{ template "sonarqube.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: sonarqube
app.kubernetes.io/component: {{ template "sonarqube.fullname" . }}
app.kubernetes.io/version: {{ tpl .Values.image.tag . | quote }}
spec:
replicas: {{ .Values.replicaCount }}
serviceName: {{ template "sonarqube.fullname" . }}
selector:
matchLabels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
{{- with .Values.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/init-sysctl: {{ include (print $.Template.BasePath "/init-sysctl.yaml") . | sha256sum }}
checksum/init-fs: {{ include (print $.Template.BasePath "/init-fs.yaml") . | sha256sum }}
checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.prometheusExporter.enabled }}
checksum/prometheus-config: {{ include (print $.Template.BasePath "/prometheus-config.yaml") . | sha256sum }}
checksum/prometheus-ce-config: {{ include (print $.Template.BasePath "/prometheus-ce-config.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.annotations}}
{{- range $key, $value := .Values.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
imagePullSecrets:
{{- if .Values.image.pullSecret }}
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.image.pullSecrets}}
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{ toYaml .Values.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"]
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.caCerts.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
volumeMounts:
- mountPath: /tmp/certs
name: sonarqube
subPath: certs
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
- name: init-sysctl
image: {{ default "busybox:1.32" .Values.initSysctl.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.initSysctl.resources) | indent 12 }}
command: ["sh",
"-e",
"/tmp/scripts/init_sysctl.sh"]
volumeMounts:
- name: init-sysctl
mountPath: /tmp/scripts/
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- name: concat-properties
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
- -c
- |
#!/bin/sh
if [ -f /tmp/props/sonar.properties ]; then
cat /tmp/props/sonar.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/secret.properties ]; then
cat /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/sonar.properties -a -f /tmp/props/secret.properties ]; then
awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
volumeMounts:
{{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: /tmp/props/sonar.properties
name: config
subPath: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- mountPath: /tmp/props/secret.properties
name: secret-config
subPath: secret.properties
{{- end }}
- mountPath: /tmp/result
name: concat-dir
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: inject-prometheus-exporter
image: {{ default "curlimages/curl:8.2.0" .Values.prometheusExporter.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.prometheusExporter.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.prometheusExporter.resources) | indent 12 }}
command: ["/bin/sh","-c"]
args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if $.Values.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"]
volumeMounts:
- mountPath: /data
name: sonarqube
subPath: data
env:
- name: http_proxy
value: {{ default "" .Values.prometheusExporter.httpProxy }}
- name: https_proxy
value: {{ default "" .Values.prometheusExporter.httpsProxy }}
- name: no_proxy
value: {{ default "" .Values.prometheusExporter.noProxy }}
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.initFs.enabled }}
- name: init-fs
image: {{ default "busybox:1.32" .Values.initFs.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.initFs.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.initFs.resources) | indent 12 }}
command: ["sh",
"-e",
"/tmp/scripts/init_fs.sh"]
volumeMounts:
- name: init-fs
mountPath: /tmp/scripts/
{{- if .Values.persistence.mounts }}
{{ toYaml .Values.persistence.mounts | indent 12 }}
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
{{- if .Values.persistence.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- else if .Values.plugins.install }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- end }}
{{- if .Values.plugins.install }}
- name: install-plugins
image: {{ default "curlimages/curl:8.2.0" .Values.plugins.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh",
"-e",
"/tmp/scripts/install_plugins.sh"]
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
- name: install-plugins
mountPath: /tmp/scripts/
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
mountPath: /root
{{- end }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.plugins.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }}
env:
- name: http_proxy
value: {{ default "" .Values.plugins.httpProxy }}
- name: https_proxy
value: {{ default "" .Values.plugins.httpsProxy }}
- name: no_proxy
value: {{ default "" .Values.plugins.noProxy }}
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
containers:
{{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.internalPort }}
protocol: TCP
{{- if .Values.prometheusExporter.enabled }}
- name: monitoring-web
containerPort: {{ .Values.prometheusExporter.webBeanPort }}
protocol: TCP
- name: monitoring-ce
containerPort: {{ .Values.prometheusExporter.ceBeanPort }}
protocol: TCP
{{- end }}
resources:
{{ toYaml (default .Values.resources .Values.resource) | indent 12 }}
env:
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
- name: SONAR_HELM_CHART_VERSION
value: {{ .Chart.Version | replace "+" "_" }}
- name: SONAR_WEB_JAVAOPTS
value: {{ template "sonarqube.jvmOpts" . }}
- name: SONAR_WEB_CONTEXT
value: {{ include "sonarqube.webcontext" . }}
- name: SONAR_CE_JAVAOPTS
value: {{ template "sonarqube.jvmCEOpts" . }}
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jdbc.secret" . }}
key: {{ template "jdbc.secretPasswordKey" . }}
- name: SONAR_WEB_SYSTEMPASSCODE
valueFrom:
secretKeyRef:
{{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }}
name: {{ .Values.monitoringPasscodeSecretName }}
key: {{ .Values.monitoringPasscodeSecretKey }}
{{- else }}
name: {{ template "sonarqube.fullname" . }}-monitoring-passcode
key: SONAR_WEB_SYSTEMPASSCODE
{{- end }}
envFrom:
- configMapRef:
name: {{ template "sonarqube.fullname" . }}-jdbc-config
{{- range .Values.extraConfig.secrets }}
- secretRef:
name: {{ . }}
{{- end }}
{{- range .Values.extraConfig.configmaps }}
- configMapRef:
name: {{ . }}
{{- end }}
livenessProbe:
exec:
command:
- sh
- -c
- |
host="$(hostname -i || echo '127.0.0.1')"
wget --no-proxy --quiet -O /dev/null --timeout={{ .Values.livenessProbe.timeoutSeconds }} --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/liveness"
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe:
exec:
command:
- sh
- -c
- |
#!/bin/bash
# A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are added to prevent the node to be kill while sonarqube is upgrading the database.
host="$(hostname -i || echo '127.0.0.1')"
if wget --no-proxy -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
exit 0
fi
exit 1
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
startupProbe:
httpGet:
scheme: HTTP
path: {{ .Values.startupProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
{{- if .Values.containerSecurityContext }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.persistence.mounts }}
{{ toYaml .Values.persistence.mounts | indent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- .Values.extraVolumeMounts | toYaml | nindent 12 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/
name: concat-dir
{{- end }}
{{- if .Values.sonarSecretKey }}
- mountPath: {{ .Values.sonarqubeFolder }}/secret/
name: secret
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
{{- if .Values.persistence.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- else if .Values.plugins.install }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- if .Values.prometheusExporter.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-config.yaml
subPath: prometheus-config.yaml
name: prometheus-config
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-ce-config.yaml
subPath: prometheus-ce-config.yaml
name: prometheus-ce-config
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ template "sonarqube.serviceAccountName" . }}
volumes:
{{- if .Values.persistence.volumes }}
{{ tpl (toYaml .Values.persistence.volumes | indent 6) . }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- .Values.extraVolumes | toYaml | nindent 6 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name: config
configMap:
name: {{ template "sonarqube.fullname" . }}-config
items:
- key: sonar.properties
path: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- name: secret-config
secret:
secretName: {{ .Values.sonarSecretProperties }}
items:
- key: secret.properties
path: secret.properties
{{- end }}
{{- if .Values.sonarSecretKey }}
- name: secret
secret:
secretName: {{ .Values.sonarSecretKey }}
items:
- key: sonar-secret.txt
path: sonar-secret.txt
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
secret:
secretName: {{ .Values.caCerts.secret }}
{{- end }}
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
secret:
secretName: {{ .Values.plugins.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
- name: init-sysctl
configMap:
name: {{ template "sonarqube.fullname" . }}-init-sysctl
items:
- key: init_sysctl.sh
path: init_sysctl.sh
- name: init-fs
configMap:
name: {{ template "sonarqube.fullname" . }}-init-fs
items:
- key: init_fs.sh
path: init_fs.sh
- name: install-plugins
configMap:
name: {{ template "sonarqube.fullname" . }}-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-config
configMap:
name: {{ template "sonarqube.fullname" . }}-prometheus-config
items:
- key: prometheus-config.yaml
path: prometheus-config.yaml
- name: prometheus-ce-config
configMap:
name: {{ template "sonarqube.fullname" . }}-prometheus-ce-config
items:
- key: prometheus-ce-config.yaml
path: prometheus-ce-config.yaml
{{- end }}
- name: sonarqube
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "sonarqube.fullname" . }}{{- end }}
{{- else }}
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
{{- end }}
- name : tmp-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name : concat-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}}
{{- end }}
{{- end }}
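Review bot: The `inject-prometheus-exporter` init container runs `curl -s … --output /data/jmx_prometheus_javaagent.jar` without `--fail`, so an HTTP error page is saved as the jar and the container still exits 0; with `prometheusExporter.noCheckCertificate` set it also skips TLS verification. That file is presumably loaded as a Java agent into the SonarQube JVM, so it deserves at least the flags the plugin script already uses plus a digest check. I would change the command to `curl -fsSL` and follow the download with `sha256sum -c` against a checksum supplied in values. Separately, the default init images (`busybox:1.32`, `curlimages/curl:8.2.0`, `adoptopenjdk/openjdk11:alpine`) are referenced by mutable tag rather than by digest.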


@@ -0,0 +1,40 @@
{{- if .Values.tests.enabled -}}
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-ui-test"
annotations:
"helm.sh/hook": test-success
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
{{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
imagePullSecrets:
{{- if .Values.image.pullSecret }}
- name: {{ .Values.image.pullSecret }}
{{- end}}
{{- if .Values.image.pullSecrets}}
{{ toYaml .Values.image.pullSecrets | indent 4 }}
{{- end}}
{{- end }}
containers:
- name: {{ .Release.Name }}-ui-test
image: {{ .Values.tests.image | default (printf "%s:%s" .Values.image.repository (tpl .Values.image.tag .)) | quote }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ['wget']
args: [
'--retry-connrefused',
'--waitretry=1',
'--timeout=5',
'-t',
'12',
'-qO-',
'{{ template "sonarqube.fullname" . }}:{{ .Values.service.internalPort }}/api/system/status'
]
resources:
{{ toYaml .Values.tests.resources | indent 8 }}
restartPolicy: Never
{{- end -}}
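Review bot: The `wget` target uses `.Values.service.internalPort` against the Service name, but the Service template exposes `.Values.service.externalPort` (with `targetPort: http`), so the test fails whenever the two values differ. The path is also fixed at `/api/system/status`, while the probes in the StatefulSet prepend `sonarqube.webcontext`. I would write the argument as `'{{ template "sonarqube.fullname" . }}:{{ .Values.service.externalPort }}{{ include "sonarqube.webcontext" . }}api/system/status'`.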