This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Merge remote-tracking branch 'upstream/master'
T committed Jan 27, 2021
2 parents aaa4eba + 35d16b3 commit 9c8b1ba
Showing 32 changed files with 975 additions and 300 deletions.
5 changes: 0 additions & 5 deletions .github/workflows/release.yml
Expand Up @@ -26,11 +26,6 @@ jobs:
chmod 700 get_helm.sh
./get_helm.sh
- name: Configure Helm
run: |
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
- name: Run chart-releaser
uses: helm/[email protected]
env:
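Review bot: With the Configure Helm step removed, nothing in the visible part of the job registers a chart repository before Run chart-releaser, so packaging can fail for any chart whose dependencies are declared by repo alias rather than by full URL. Confirm every chart dependency uses an explicit `repository:` URL, or keep a `helm repo add` for the repos that are still needed. Separately, the context lines still execute `./get_helm.sh` inside the release job; pinning the Helm version and verifying the script's checksum before running it would tighten the release pipeline.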
36 changes: 36 additions & 0 deletions charts/sonarqube/CHANGELOG.md
@@ -0,0 +1,36 @@
# SonarQube Chart Changelog
All changes to this chart will be documented in this file.

## [9.2.3]
* Added namespace to port-foward command in notes.

## [9.2.2]
* Added a condition to deployment.yaml so that `wait-for-db` initContainer is only created if `postgresql.enabled=true`

## [9.2.1]
* Updated the configuration table to include the additional keys added in release 9.2.0.

## [9.2.0]
* Added functionality for deployments to OpenShift clusters.
* .Values.OpenShift flag to signify if deploying to OpenShift.
* Ability to have chart generate an SCC allowing the init-sysctl container to run as privileged.
* Setting of a seperate securityContext section for the main SonarQube container to avoid running as root.
* Exposing additional `postreSQL` keys in values.yaml to support configuring postgres to run under standard "restricted" or "anyuid"/"nonroot" SCCs on OpenShift.
* Added initContainer `wait-for-db` to await postgreSQL successful startup before starting SonarQube, to avoid race conditions.

## [9.1.1]
* Update SonarQube to 8.5.1.
* **Fix:** Purge plugins directory before download.

## [9.0.0]
* Update SonarQube to 8.5.
* **Breaking change:** Rework init containers.
* Move global defaults from `plugins` section to `initContainers`.
* Update container images.
* **Deprecation:** `elasticsearch.configureNode` in favor of `initSysctl.enabled`.
* Rework sysctl with support for custom values.
* Rework plugins installation via `opt/sonarqube/extensions/downloads` folder that is handled by SonarQube itself.
* **Breaking change:** remove `plugins.deleteDefaultPlugins` as SonarQube stores bundled plugins out of `opt/sonarqube/extensions`.
* Rename deprecated `SONARQUBE_` environment variables to `SONAR_` ones.
* **Breaking change:** Rename `enabledTests` to `tests.enabled`.
* Add `terminationGracePeriodSeconds`.
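Review bot: Several entries in the new changelog are misspelt and will be hard to search for: `port-foward` under [9.2.3], and `seperate` and `postreSQL` under [9.2.0] (the templates in this commit use the key `postgresql`, so a backticked `postreSQL` is misleading). The [9.0.0] entries also write the plugin paths as `opt/sonarqube/extensions/...` without the leading slash. The 9.2.0 item about generating an SCC that lets init-sysctl run as privileged deserves a sentence naming the value that enables it, since that is a privilege grant operators should opt into knowingly.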
4 changes: 2 additions & 2 deletions charts/sonarqube/Chart.yaml
@@ -1,8 +1,8 @@
apiVersion: v1
name: sonarqube
description: SonarQube is an open sourced code quality scanning tool
version: 6.8.1
appVersion: 8.2-community
version: 9.2.6
appVersion: 8.5.1-community
keywords:
- coverage
- security
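Review bot: `version` moves from 6.8.1 to 9.2.6, but the CHANGELOG.md added in this same commit has [9.2.3] as its newest entry and [9.0.0] as its oldest, so 9.2.4 through 9.2.6 and everything between 6.8.1 and 9.0.0 are undocumented. Since 9.0.0 lists breaking changes, anyone upgrading from 6.8.1 needs those gaps filled or an explicit upgrade note.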
214 changes: 130 additions & 84 deletions charts/sonarqube/README.md

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion charts/sonarqube/templates/NOTES.txt
Expand Up @@ -15,5 +15,5 @@
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "sonarqube.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }}
kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }} -n {{ .Release.Namespace }}
{{- end }}
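Review bot: The new port-forward line passes the namespace as `-n` while the `kubectl get pods` line just above it uses `--namespace`; use the long form in both for consistency. While touching this line, quote the variable ("$POD_NAME") so that an empty result from the jsonpath query produces a clear kubectl error instead of a shifted argument list.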
33 changes: 0 additions & 33 deletions charts/sonarqube/templates/copy-plugins.yaml

This file was deleted.

158 changes: 97 additions & 61 deletions charts/sonarqube/templates/deployment.yaml
Expand Up @@ -32,6 +32,7 @@ spec:
{{ toYaml . | indent 8 }}
{{- end }}
annotations:
checksum/init-sysctl: {{ include (print $.Template.BasePath "/init-sysctl.yaml") . | sha256sum }}
checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
Expand All @@ -44,7 +45,6 @@ spec:
{{- if .Values.schedulerName }}
schedulerName: {{ .Values.schedulerName }}
{{- end }}

{{- if .Values.serviceAccount.create }}
{{- if .Values.serviceAccount.name }}
serviceAccountName: {{ .Values.serviceAccount.name }}
Expand All @@ -61,11 +61,16 @@ spec:
initContainers:
{{- if .Values.caCerts }}
- name: ca-certs
image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.plugins.initCertsContainerImage }}
image: {{ default "adoptopenjdk/openjdk11:alpine" .Values.caCerts.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml .Values.initContainersSecurityContext | indent 12 }}
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
volumeMounts:
- mountPath: /tmp/certs
name: sonarqube
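Review bot: The ca-certs securityContext is now read from `.Values.initContainers.securityContext` and the whole block is skipped when that key is unset, so a release that hardened its init containers through the old `.Values.initContainersSecurityContext` key will silently render no securityContext after upgrade. Either fall back to the old key for a deprecation period, as this file does for `elasticsearch.configureNode`, or fail the render when the old key is set. The same applies to the image key moving from `plugins.initCertsContainerImage` to `caCerts.image`. Consider pinning the default `adoptopenjdk/openjdk11:alpine` by digest as well, since this container builds the trust store.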
Expand All @@ -77,68 +82,62 @@ spec:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.elasticsearch.configureNode }}
{{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
- name: init-sysctl
image: {{ default "busybox:1.31" .Values.plugins.initSysctlContainerImage }}
image: {{ default "busybox:1.32" .Values.initSysctl.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }}
securityContext:
{{ toYaml .Values.initContainersSecurityContext | indent 12 }}
{{- if .Values.plugins.initSysctlResources }}
resources:
{{ toYaml .Values.plugins.initSysctlResources | indent 12 }}
{{ toYaml $securityContext | indent 12 }}
{{- end }}
command:
- /bin/sh
- -c
- 'if [[ "$(sysctl -n vm.max_map_count)" -lt 262144 ]]; then sysctl -w vm.max_map_count=262144; fi'
resources:
{{ toYaml (default .Values.initContainers.resources .Values.initSysctl.resources) | indent 12 }}
command: ["sh",
"-e",
"/tmp/scripts/init_sysctl.sh"]
volumeMounts:
- name: init-sysctl
mountPath: /tmp/scripts/
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.plugins.install }}
- name: install-plugins
image: {{ default "rjkernick/alpine-wget:latest" .Values.plugins.initContainerImage }}
image: {{ default "rjkernick/alpine-wget:latest" .Values.plugins.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh",
"-ec",
"mkdir -p {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp ;
cd {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp ;
rm -f ./* ;
sh -e /tmp/scripts/install_plugins.sh ;
pwd ; ls -lah"]
"-e",
"/tmp/scripts/install_plugins.sh"]
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads
name: sonarqube
subPath: tmp
subPath: extensions/downloads
- mountPath: {{ .Values.sonarqubeFolder }}/lib/common
name: sonarqube
subPath: lib/common
- name: install-plugins
mountPath: /tmp/scripts/
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
mountPath: /root
{{- end }}
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml .Values.initContainersSecurityContext | indent 12 }}
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml (default .Values.initContainers.resources .Values.plugins.resource) | indent 12 }}
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
resources:
{{ toYaml .Values.plugins.resources | indent 12 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- end }}
{{- if and .Values.sonarProperties .Values.sonarSecretProperties }}
- name: concat-properties
image: {{ default "alpine:3.10.3" .Values.plugins.initContainerImage }}
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh",
"-c",
"awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties"]
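Review bot: In the install-plugins container the resources line reads `.Values.plugins.resource` (singular), while the line it replaces used `.Values.plugins.resources`; as written, a user's `plugins.resources` is never picked up and the container always gets `initContainers.resources`. Fix the key name. The default image `rjkernick/alpine-wget:latest` is a mutable tag that runs with the `.netrc` credentials mounted at /root, so pin it to a version or digest. For init-sysctl, document that the context selected by `default .Values.initContainers.securityContext .Values.initSysctl.securityContext` has to allow the sysctl write, and recommend setting it through `initSysctl.securityContext` so the elevated privilege stays scoped to this one container.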
Expand All @@ -151,14 +150,44 @@ spec:
subPath: secret.properties
- mountPath: /tmp/result
name: concat-dir
{{- if $securityContext := .Values.initContainers.securityContext }}
securityContext:
{{ toYaml $securityContext | indent 12 }}
{{- end }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
{{- with .Values.env }}
env:
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: "wait-for-db"
image: {{ default "busybox:1.32" .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
resources:
{{ toYaml .Values.initContainers.resources | indent 12 }}
command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"]
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.hostAliases }}
hostAliases:
{{ toYaml .Values.hostAliases | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
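Review bot: The new wait-for-db container hardcodes its target as `{{ .Release.Name}}-postgresql 5432`, which breaks when the PostgreSQL subchart is installed with a name override or a non-default port; derive the host from a template helper and take the port from values. It is also the only init container in this file that gets neither the conditional `.Values.initContainers.securityContext` block nor `.Values.env`, so it runs with image defaults; add the same securityContext block used for concat-properties. Finally, this hunk renders nodeSelector, hostAliases, tolerations and affinity before `containers:`, and a context line in a later hunk still shows `{{- if .Values.nodeSelector }}` after the container's `resources:`; check that the rendered pod spec does not end up with duplicate keys.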
Expand All @@ -167,15 +196,11 @@ spec:
- name: http
containerPort: {{ .Values.service.internalPort }}
protocol: TCP
{{- if .Values.plugins.install }}
command:
- /tmp/scripts/copy_plugins.sh
{{- end }}
env:
{{- with .Values.env }}
{{- . | toYaml | trim | nindent 12 }}
{{- end }}
- name: SONARQUBE_WEB_JVM_OPTS
- name: SONAR_WEB_JAVAOPTS
{{- if .Values.caCerts }}
value: {{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts %s" .Values.sonarqubeFolder .Values.jvmOpts | trim | quote }}
{{- else }}
Expand All @@ -185,7 +210,7 @@ spec:
- name: SONAR_CE_JAVAOPTS
value: {{ printf "-Djavax.net.ssl.trustStore=%s/certs/cacerts" .Values.sonarqubeFolder | trim | quote }}
{{- end }}
- name: SONARQUBE_JDBC_PASSWORD
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "postgresql.secret" . }}
Expand Down Expand Up @@ -241,12 +266,18 @@ spec:
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp
name: sonarqube
subPath: tmp
{{- if .Values.plugins.install }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/downloads
name: sonarqube
subPath: downloads
subPath: extensions/downloads
{{- end }}
{{- if .Values.plugins.lib }}
{{- range $index, $val := .Values.plugins.lib }}
- mountPath: {{ $.Values.sonarqubeFolder }}/lib/common/{{ $val }}
name: sonarqube
subPath: lib/common/{{ $val }}
{{- end }}
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
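Review bot: Each `plugins.lib` entry is mounted with `subPath: lib/common/{{ $val }}`, and when a subPath does not exist on the volume the kubelet creates it as a directory, so if install-plugins did not place that file SonarQube starts with an empty directory where a jar is expected. Have the install script fail when a listed lib file is missing. `$val` is also interpolated into both mountPath and subPath unchecked; validate that entries are plain file names. The outer `if .Values.plugins.lib` is redundant with `range`.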
Expand All @@ -255,8 +286,6 @@ spec:
subPath: logs
- mountPath: /tmp
name: tmp-dir
- name: copy-plugins
mountPath: /tmp/scripts
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.nodeSelector }}
Expand Down Expand Up @@ -304,19 +333,26 @@ spec:
secret:
secretName: {{ .Values.caCerts.secret }}
{{- end }}
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
secret:
secretName: {{ .Values.plugins.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
- name: init-sysctl
configMap:
name: {{ template "sonarqube.fullname" . }}-init-sysctl
items:
- key: init_sysctl.sh
path: init_sysctl.sh
- name: install-plugins
configMap:
name: {{ template "sonarqube.fullname" . }}-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
- name: copy-plugins
configMap:
name: {{ template "sonarqube.fullname" . }}-copy-plugins
defaultMode: 0755
items:
- key: copy_plugins.sh
path: copy_plugins.sh
- name: sonarqube
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
Expand Down