{{- if eq .Values.deploymentType "Deployment"}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "sonarqube.fullname" . }} labels: app: {{ template "sonarqube.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} app.kubernetes.io/name: {{ template "sonarqube.name" . }}-{{ template "sonarqube.fullname" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/part-of: sonarqube app.kubernetes.io/component: {{ template "sonarqube.fullname" . }} app.kubernetes.io/version: {{ tpl .Values.image.tag . | quote }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ template "sonarqube.name" . }} release: {{ .Release.Name }} {{- if .Values.deploymentStrategy }} strategy: {{ toYaml .Values.deploymentStrategy | indent 4 }} {{- end }} template: metadata: labels: app: {{ template "sonarqube.name" . }} release: {{ .Release.Name }} {{- with .Values.podLabels }} {{ toYaml . | indent 8 }} {{- end }} annotations: checksum/init-sysctl: {{ include (print $.Template.BasePath "/init-sysctl.yaml") . | sha256sum }} checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.prometheusExporter.enabled }} checksum/prometheus-config: {{ include (print $.Template.BasePath "/prometheus-config.yaml") . | sha256sum }} checksum/prometheus-ce-config: {{ include (print $.Template.BasePath "/prometheus-ce-config.yaml") . | sha256sum }} {{- end }} {{- if .Values.annotations}} {{- range $key, $value := .Values.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} {{- end }} spec: {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName }} {{- end }} securityContext: {{ toYaml .Values.securityContext | indent 8 }} {{- if or .Values.image.pullSecrets .Values.image.pullSecret }} imagePullSecrets: {{- if .Values.image.pullSecret }} - name: {{ .Values.image.pullSecret }} {{- end }} {{- if .Values.image.pullSecrets}} {{ toYaml .Values.image.pullSecrets | indent 8 }} {{- end }} {{- end }} initContainers: {{- if .Values.extraInitContainers }} {{ toYaml .Values.extraInitContainers | indent 8 }} {{- end }} {{- if .Values.postgresql.enabled }} - name: "wait-for-db" image: {{ default "busybox:1.32" .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if $securityContext := .Values.initContainers.securityContext }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 12 }} command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"] {{- end }} {{- if .Values.caCerts.enabled }} - name: ca-certs image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.caCerts.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["sh"] args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"] {{- if $securityContext := .Values.initContainers.securityContext }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 12 }} volumeMounts: - mountPath: /tmp/certs name: sonarqube subPath: certs - mountPath: /tmp/secrets/ca-certs name: ca-certs {{- with .Values.env }} env: {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }} - name: init-sysctl image: {{ default "busybox:1.32" .Values.initSysctl.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: {{ toYaml (default .Values.initContainers.resources .Values.initSysctl.resources) | indent 12 }} command: ["sh", "-e", "/tmp/scripts/init_sysctl.sh"] volumeMounts: - name: init-sysctl mountPath: /tmp/scripts/ {{- with .Values.env }} env: {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - name: concat-properties image: {{ default "busybox:1.32" .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - sh - -c - | #!/bin/sh if [ -f /tmp/props/sonar.properties ]; then cat /tmp/props/sonar.properties > /tmp/result/sonar.properties fi if [ -f /tmp/props/secret.properties ]; then cat /tmp/props/secret.properties > /tmp/result/sonar.properties fi if [ -f /tmp/props/sonar.properties -a -f /tmp/props/secret.properties ]; then awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties fi volumeMounts: {{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - mountPath: /tmp/props/sonar.properties name: config subPath: sonar.properties {{- end }} {{- if .Values.sonarSecretProperties }} - mountPath: /tmp/props/secret.properties name: secret-config subPath: secret.properties {{- end }} - mountPath: /tmp/result name: concat-dir {{- if $securityContext := .Values.initContainers.securityContext }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: {{ toYaml .Values.initContainers.resources | indent 12 }} {{- with .Values.env }} env: {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} {{- if .Values.prometheusExporter.enabled }} - name: inject-prometheus-exporter image: {{ default "curlimages/curl:8.2.0" .Values.prometheusExporter.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if $securityContext := (default .Values.initContainers.securityContext .Values.prometheusExporter.securityContext) }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: {{ toYaml (default .Values.initContainers.resources .Values.prometheusExporter.resources) | indent 12 }} command: ["/bin/sh","-c"] args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if $.Values.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"] volumeMounts: - mountPath: /data name: sonarqube subPath: data env: - name: http_proxy value: {{ default "" .Values.prometheusExporter.httpProxy }} - name: https_proxy value: {{ default "" .Values.prometheusExporter.httpsProxy }} - name: no_proxy value: {{ default "" .Values.prometheusExporter.noProxy }} {{- with .Values.env }} {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} {{- if .Values.plugins.install }} - name: install-plugins image: {{ default "curlimages/curl:8.2.0" .Values.plugins.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["sh", "-e", "/tmp/scripts/install_plugins.sh"] volumeMounts: - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins name: sonarqube subPath: extensions/plugins - name: install-plugins mountPath: /tmp/scripts/ {{- if .Values.plugins.netrcCreds }} - name: plugins-netrc-file mountPath: /root {{- end }} {{- if $securityContext := (default .Values.initContainers.securityContext .Values.plugins.securityContext) }} securityContext: {{ toYaml $securityContext | indent 12 }} {{- end }} resources: {{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }} env: - name: http_proxy value: {{ default "" .Values.plugins.httpProxy }} - name: https_proxy value: {{ default "" .Values.plugins.httpsProxy }} - name: no_proxy value: {{ default "" .Values.plugins.noProxy }} {{- with .Values.env }} {{- . | toYaml | trim | nindent 12 }} {{- end }} {{- end }} containers: {{- if .Values.extraContainers }} {{- toYaml .Values.extraContainers | nindent 8 }} {{- end }} - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http containerPort: {{ .Values.service.internalPort }} protocol: TCP {{- if .Values.prometheusExporter.enabled }} - name: monitoring-web containerPort: {{ .Values.prometheusExporter.webBeanPort }} protocol: TCP - name: monitoring-ce containerPort: {{ .Values.prometheusExporter.ceBeanPort }} protocol: TCP {{- end }} resources: {{ toYaml (default .Values.resources .Values.resource) | indent 12 }} env: {{- with .Values.env }} {{- . | toYaml | trim | nindent 12 }} {{- end }} - name: SONAR_HELM_CHART_VERSION value: {{ .Chart.Version | replace "+" "_" }} - name: SONAR_WEB_JAVAOPTS value: {{ template "sonarqube.jvmOpts" . }} - name: SONAR_CE_JAVAOPTS value: {{ template "sonarqube.jvmCEOpts" . }} - name: SONAR_WEB_CONTEXT value: {{ include "sonarqube.webcontext" . }} - name: SONAR_JDBC_PASSWORD valueFrom: secretKeyRef: name: {{ template "jdbc.secret" . }} key: {{ template "jdbc.secretPasswordKey" . }} - name: SONAR_WEB_SYSTEMPASSCODE valueFrom: secretKeyRef: {{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }} name: {{ .Values.monitoringPasscodeSecretName }} key: {{ .Values.monitoringPasscodeSecretKey }} {{- else }} name: {{ template "sonarqube.fullname" . }}-monitoring-passcode key: SONAR_WEB_SYSTEMPASSCODE {{- end }} envFrom: - configMapRef: name: {{ template "sonarqube.fullname" . }}-jdbc-config {{- range .Values.extraConfig.secrets }} - secretRef: name: {{ . }} {{- end }} {{- range .Values.extraConfig.configmaps }} - configMapRef: name: {{ . }} {{- end }} livenessProbe: exec: command: - sh - -c - | host="$(hostname -i || echo '127.0.0.1')" wget --no-proxy --quiet -O /dev/null --timeout={{ .Values.livenessProbe.timeoutSeconds }} --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/liveness" initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} readinessProbe: exec: command: - sh - -c - | #!/bin/bash # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. host="$(hostname -i || echo '127.0.0.1')" if wget --no-proxy -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then exit 0 fi exit 1 initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} startupProbe: httpGet: scheme: HTTP path: {{ .Values.startupProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status port: http initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} periodSeconds: {{ .Values.startupProbe.periodSeconds }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} {{- if .Values.containerSecurityContext }} securityContext: {{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- end }} volumeMounts: {{- if .Values.persistence.mounts }} {{ toYaml .Values.persistence.mounts | indent 12 }} {{- end }} {{- if .Values.extraVolumeMounts }} {{- .Values.extraVolumeMounts | toYaml | nindent 12 }} {{- end }} {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }} - mountPath: {{ .Values.sonarqubeFolder }}/conf/ name: concat-dir {{- end }} {{- if .Values.sonarSecretKey }} - mountPath: {{ .Values.sonarqubeFolder }}/secret/ name: secret {{- end }} {{- if .Values.caCerts.enabled }} - mountPath: {{ .Values.sonarqubeFolder }}/certs name: sonarqube subPath: certs {{- end }} - mountPath: {{ .Values.sonarqubeFolder }}/data name: sonarqube subPath: data {{- if .Values.persistence.enabled }} - mountPath: {{ .Values.sonarqubeFolder }}/extensions name: sonarqube subPath: extensions {{- else if .Values.plugins.install }} - mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins name: sonarqube subPath: extensions/plugins {{- end }} - mountPath: {{ .Values.sonarqubeFolder }}/temp name: sonarqube subPath: temp - mountPath: {{ .Values.sonarqubeFolder }}/logs name: sonarqube subPath: logs - mountPath: /tmp name: tmp-dir {{- if .Values.prometheusExporter.enabled }} - mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-config.yaml subPath: prometheus-config.yaml name: prometheus-config - mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-ce-config.yaml subPath: prometheus-ce-config.yaml name: prometheus-ce-config {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} {{- if .Values.hostAliases }} hostAliases: {{ toYaml .Values.hostAliases | indent 8 }} {{- end }} {{- if .Values.tolerations }} tolerations: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} {{- end }} serviceAccountName: {{ template "sonarqube.serviceAccountName" . }} volumes: {{- if .Values.extraVolumes }} {{- .Values.extraVolumes | toYaml | nindent 6 }} {{- end }} {{- if .Values.persistence.volumes }} {{ tpl (toYaml .Values.persistence.volumes | indent 6) . }} {{- end }} {{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }} - name: config configMap: name: {{ template "sonarqube.fullname" . }}-config items: - key: sonar.properties path: sonar.properties {{- end }} {{- if .Values.sonarSecretProperties }} - name: secret-config secret: secretName: {{ .Values.sonarSecretProperties }} items: - key: secret.properties path: secret.properties {{- end }} {{- if .Values.sonarSecretKey }} - name: secret secret: secretName: {{ .Values.sonarSecretKey }} items: - key: sonar-secret.txt path: sonar-secret.txt {{- end }} {{- if .Values.caCerts.enabled }} - name: ca-certs secret: secretName: {{ .Values.caCerts.secret }} {{- end }} {{- if .Values.plugins.netrcCreds }} - name: plugins-netrc-file secret: secretName: {{ .Values.plugins.netrcCreds }} items: - key: netrc path: .netrc {{- end }} - name: init-sysctl configMap: name: {{ template "sonarqube.fullname" . }}-init-sysctl items: - key: init_sysctl.sh path: init_sysctl.sh - name: install-plugins configMap: name: {{ template "sonarqube.fullname" . }}-install-plugins items: - key: install_plugins.sh path: install_plugins.sh {{- if .Values.prometheusExporter.enabled }} - name: prometheus-config configMap: name: {{ template "sonarqube.fullname" . }}-prometheus-config items: - key: prometheus-config.yaml path: prometheus-config.yaml - name: prometheus-ce-config configMap: name: {{ template "sonarqube.fullname" . }}-prometheus-ce-config items: - key: prometheus-ce-config.yaml path: prometheus-ce-config.yaml {{- end }} - name: sonarqube {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "sonarqube.fullname" . }}{{- end }} {{- else }} emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }} {{- end }} - name : tmp-dir emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }} {{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }} - name : concat-dir emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}} {{- end }} {{- end }}