sa_8001/dsk-devops-toolchains
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dsk-devops-toolchains/helm/sonarqube/templates/sonarqube-sts.yaml
dsk-minchulahn d601d0f259 디렉토리 구조 및 각 서비스 추가
2024-01-03 17:29:11 +09:00

532 lines
22 KiB
YAML
Raw Permalink Blame History

{{- if eq .Values.deploymentType "StatefulSet"}}
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
app.kubernetes.io/name: {{ template "sonarqube.name" . }}-{{ template "sonarqube.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/part-of: sonarqube
app.kubernetes.io/component: {{ template "sonarqube.fullname" . }}
app.kubernetes.io/version: {{ tpl .Values.image.tag . | quote }}
spec:
replicas: {{ .Values.replicaCount }}
serviceName: {{ template "sonarqube.fullname" . }}
selector:
matchLabels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "sonarqube.name" . }}
release: {{ .Release.Name }}
{{- with .Values.podLabels }}
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/init-sysctl: {{ include (print $.Template.BasePath "/init-sysctl.yaml") . | sha256sum }}
checksum/init-fs: {{ include (print $.Template.BasePath "/init-fs.yaml") . | sha256sum }}
checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.prometheusExporter.enabled }}
checksum/prometheus-config: {{ include (print $.Template.BasePath "/prometheus-config.yaml") . | sha256sum }}
checksum/prometheus-ce-config: {{ include (print $.Template.BasePath "/prometheus-ce-config.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.annotations}}
{{- range $key, $value := .Values.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
imagePullSecrets:
{{- if .Values.image.pullSecret }}
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- if .Values.image.pullSecrets}}
{{ toYaml .Values.image.pullSecrets | indent 8 }}
{{- end }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{ toYaml .Values.extraInitContainers | indent 8 }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"]
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.caCerts.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
volumeMounts:
- mountPath: /tmp/certs
name: sonarqube
subPath: certs
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
- name: init-sysctl
image: {{ default "busybox:1.32" .Values.initSysctl.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.initSysctl.resources) | indent 12 }}
command: ["sh",
"-e",
"/tmp/scripts/init_sysctl.sh"]
volumeMounts:
- name: init-sysctl
mountPath: /tmp/scripts/
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- name: concat-properties
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
- -c
- |
#!/bin/sh
if [ -f /tmp/props/sonar.properties ]; then
cat /tmp/props/sonar.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/secret.properties ]; then
cat /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/sonar.properties -a -f /tmp/props/secret.properties ]; then
awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
volumeMounts:
{{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: /tmp/props/sonar.properties
name: config
subPath: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- mountPath: /tmp/props/secret.properties
name: secret-config
subPath: secret.properties
{{- end }}
- mountPath: /tmp/result
name: concat-dir
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: inject-prometheus-exporter
image: {{ default "curlimages/curl:8.2.0" .Values.prometheusExporter.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.prometheusExporter.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.prometheusExporter.resources) | indent 12 }}
command: ["/bin/sh","-c"]
args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if $.Values.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"]
volumeMounts:
- mountPath: /data
name: sonarqube
subPath: data
env:
- name: http_proxy
value: {{ default "" .Values.prometheusExporter.httpProxy }}
- name: https_proxy
value: {{ default "" .Values.prometheusExporter.httpsProxy }}
- name: no_proxy
value: {{ default "" .Values.prometheusExporter.noProxy }}
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.initFs.enabled }}
- name: init-fs
image: {{ default "busybox:1.32" .Values.initFs.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.initFs.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.initFs.resources) | indent 12 }}
command: ["sh",
"-e",
"/tmp/scripts/init_fs.sh"]
volumeMounts:
- name: init-fs
mountPath: /tmp/scripts/
{{- if .Values.persistence.mounts }}
{{ toYaml .Values.persistence.mounts | indent 12 }}
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
{{- if .Values.persistence.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- else if .Values.plugins.install }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- end }}
{{- if .Values.plugins.install }}
- name: install-plugins
image: {{ default "curlimages/curl:8.2.0" .Values.plugins.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh",
"-e",
"/tmp/scripts/install_plugins.sh"]
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
- name: install-plugins
mountPath: /tmp/scripts/
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
mountPath: /root
{{- end }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.plugins.securityContext) }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }}
env:
- name: http_proxy
value: {{ default "" .Values.plugins.httpProxy }}
- name: https_proxy
value: {{ default "" .Values.plugins.httpsProxy }}
- name: no_proxy
value: {{ default "" .Values.plugins.noProxy }}
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
containers:
{{- if .Values.extraContainers }}
{{- toYaml .Values.extraContainers | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.internalPort }}
protocol: TCP
{{- if .Values.prometheusExporter.enabled }}
- name: monitoring-web
containerPort: {{ .Values.prometheusExporter.webBeanPort }}
protocol: TCP
- name: monitoring-ce
containerPort: {{ .Values.prometheusExporter.ceBeanPort }}
protocol: TCP
{{- end }}
resources:
{{ toYaml (default .Values.resources .Values.resource) | indent 12 }}
env:
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
- name: SONAR_HELM_CHART_VERSION
value: {{ .Chart.Version | replace "+" "_" }}
- name: SONAR_WEB_JAVAOPTS
value: {{ template "sonarqube.jvmOpts" . }}
- name: SONAR_WEB_CONTEXT
value: {{ include "sonarqube.webcontext" . }}
- name: SONAR_CE_JAVAOPTS
value: {{ template "sonarqube.jvmCEOpts" . }}
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "jdbc.secret" . }}
key: {{ template "jdbc.secretPasswordKey" . }}
- name: SONAR_WEB_SYSTEMPASSCODE
valueFrom:
secretKeyRef:
{{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }}
name: {{ .Values.monitoringPasscodeSecretName }}
key: {{ .Values.monitoringPasscodeSecretKey }}
{{- else }}
name: {{ template "sonarqube.fullname" . }}-monitoring-passcode
key: SONAR_WEB_SYSTEMPASSCODE
{{- end }}
envFrom:
- configMapRef:
name: {{ template "sonarqube.fullname" . }}-jdbc-config
{{- range .Values.extraConfig.secrets }}
- secretRef:
name: {{ . }}
{{- end }}
{{- range .Values.extraConfig.configmaps }}
- configMapRef:
name: {{ . }}
{{- end }}
livenessProbe:
exec:
command:
- sh
- -c
- |
host="$(hostname -i || echo '127.0.0.1')"
wget --no-proxy --quiet -O /dev/null --timeout={{ .Values.livenessProbe.timeoutSeconds }} --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/liveness"
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
readinessProbe:
exec:
command:
- sh
- -c
- |
#!/bin/bash
# A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are added to prevent the node to be kill while sonarqube is upgrading the database.
host="$(hostname -i || echo '127.0.0.1')"
if wget --no-proxy -qO- http://${host}:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
exit 0
fi
exit 1
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
startupProbe:
httpGet:
scheme: HTTP
path: {{ .Values.startupProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
{{- if .Values.containerSecurityContext }}
securityContext:
{{- toYaml .Values.containerSecurityContext | nindent 12 }}
{{- end }}
volumeMounts:
{{- if .Values.persistence.mounts }}
{{ toYaml .Values.persistence.mounts | indent 12 }}
{{- end }}
{{- if .Values.extraVolumeMounts }}
{{- .Values.extraVolumeMounts | toYaml | nindent 12 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/
name: concat-dir
{{- end }}
{{- if .Values.sonarSecretKey }}
- mountPath: {{ .Values.sonarqubeFolder }}/secret/
name: secret
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
{{- if .Values.persistence.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- else if .Values.plugins.install }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- if .Values.prometheusExporter.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-config.yaml
subPath: prometheus-config.yaml
name: prometheus-config
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-ce-config.yaml
subPath: prometheus-ce-config.yaml
name: prometheus-ce-config
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
serviceAccountName: {{ template "sonarqube.serviceAccountName" . }}
volumes:
{{- if .Values.persistence.volumes }}
{{ tpl (toYaml .Values.persistence.volumes | indent 6) . }}
{{- end }}
{{- if .Values.extraVolumes }}
{{- .Values.extraVolumes | toYaml | nindent 6 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name: config
configMap:
name: {{ template "sonarqube.fullname" . }}-config
items:
- key: sonar.properties
path: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- name: secret-config
secret:
secretName: {{ .Values.sonarSecretProperties }}
items:
- key: secret.properties
path: secret.properties
{{- end }}
{{- if .Values.sonarSecretKey }}
- name: secret
secret:
secretName: {{ .Values.sonarSecretKey }}
items:
- key: sonar-secret.txt
path: sonar-secret.txt
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
secret:
secretName: {{ .Values.caCerts.secret }}
{{- end }}
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
secret:
secretName: {{ .Values.plugins.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
- name: init-sysctl
configMap:
name: {{ template "sonarqube.fullname" . }}-init-sysctl
items:
- key: init_sysctl.sh
path: init_sysctl.sh
- name: init-fs
configMap:
name: {{ template "sonarqube.fullname" . }}-init-fs
items:
- key: init_fs.sh
path: init_fs.sh
- name: install-plugins
configMap:
name: {{ template "sonarqube.fullname" . }}-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-config
configMap:
name: {{ template "sonarqube.fullname" . }}-prometheus-config
items:
- key: prometheus-config.yaml
path: prometheus-config.yaml
- name: prometheus-ce-config
configMap:
name: {{ template "sonarqube.fullname" . }}-prometheus-ce-config
items:
- key: prometheus-ce-config.yaml
path: prometheus-ce-config.yaml
{{- end }}
- name: sonarqube
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "sonarqube.fullname" . }}{{- end }}
{{- else }}
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
{{- end }}
- name : tmp-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name : concat-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 10 -}}
{{- end }}
{{- end }}
Reference in New Issue View Git Blame Copy Permalink