SONAR-23150 Group all Openshift-specific resources under the same parameter
carminevassallo committed Sep 25, 2024
1 parent 215d3bc commit 9186069
Showing 13 changed files with 94 additions and 106 deletions.
2 changes: 2 additions & 0 deletions charts/sonarqube-dce/CHANGELOG.md
Expand Up @@ -22,6 +22,8 @@ All changes to this chart will be documented in this file.
* Support SONAR_OPENSHIFT telemetry env_var
* Update helm chart repo path in sources
* Support IS_HELM_AUTOSCALING_ENABLED telemetry env_var and rename SONAR_OPENSHIFT to IS_HELM_OPENSHIFT_ENABLED
* Refactor Route to be subparameter of OpenShift
* Make OpenShift.createSCC false by default

## [10.6.0]
* Upgrade SonarQube to 10.6.0
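Review bot: the two added entries ("Refactor Route to be subparameter of OpenShift" and "Make OpenShift.createSCC false by default") do not say that both are breaking for existing values files. Suggest spelling out the migration in the changelog: top-level `route.*` keys must be moved to `OpenShift.route.*`, and releases that still need the chart-created SCC must now set `OpenShift.createSCC=true` explicitly.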
4 changes: 4 additions & 0 deletions charts/sonarqube-dce/Chart.yaml
Expand Up @@ -69,6 +69,10 @@ annotations:
description: "Update helm chart repo path in sources"
- kind: added
description: "Support IS_HELM_AUTOSCALING_ENABLED telemetry env_var and rename SONAR_OPENSHIFT to IS_HELM_OPENSHIFT_ENABLED"
- kind: changed
description: "Refactor Route to be subparameter of OpenShift"
- kind: changed
description: "Make OpenShift.createSCC false by default"
artifacthub.io/links: |
- name: support
url: https://community.sonarsource.com/
34 changes: 13 additions & 21 deletions charts/sonarqube-dce/README.md
Expand Up @@ -203,7 +203,7 @@ If running on OpenShift, make sure your account has permissions to create PodMon

The chart can be installed on OpenShift by setting `OpenShift.enabled=true`. Among the others, please note that this value will disable the initContainer that performs the settings required by Elasticsearch (see [here](#elasticsearch-prerequisites)). Furthermore, we strongly recommend following the [Production Use Case guidelines](#production-use-case).

`Openshift.createSCC` is deprecated and should be set to `false`. The default securityContext, together with the production configurations described [above](#production-use-case), is compatible with restricted SCCv2.
Please note that `Openshift.createSCC` is deprecated and should be set to `false`. The default securityContext, together with the production configurations described [above](#production-use-case), is compatible with restricted SCCv2.

The below command will deploy SonarQube on the Openshift Kubernetes cluster. Please note this will use the embedded postgresql database and is not recommended for production.

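Review bot: the reworded deprecation sentence still spells the key `Openshift.createSCC`, while the parameter table and values.yaml use `OpenShift.createSCC`. Helm value paths are case-sensitive, so a reader who copies `Openshift.createSCC=false` into `--set` sets an unrelated key and the real one keeps its default. Suggest `OpenShift.createSCC` in this sentence.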
Expand All @@ -215,14 +215,11 @@ export JWT_SECRET=$(echo -n "your_secret" | openssl dgst -sha256 -hmac "your_key
helm upgrade --install -n sonarqube-dce sonarqube sonarqube/sonarqube-dce \
--set ApplicationNodes.jwtSecret=$JWT_SECRET \
--set OpenShift.enabled=true \
--set OpenShift.createSCC=false \
--set postgresql.securityContext.enabled=false \
--set postgresql.containerSecurityContext.enabled=false
```

### Route definition

If you want to make your application publicly visible with Routes, you can set `route.enabled` to true. Please check the [configuration details](#route) to customize the Route base on your needs.
If you want to make your application publicly visible with Routes, you can set `OpenShift.route.enabled` to true. Please check the [configuration details](#openshift-1) to customize the Route base on your needs.

## Autoscaling

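Review bot: the new link target `#openshift-1` in the Route sentence depends on the renderer's automatic numbering of duplicate "OpenShift" headings, so it silently points at the wrong section (or nowhere) if either heading is renamed or reordered. Suggest giving the parameter section a distinct heading, for example "OpenShift parameters", and linking to that. While touching the line, "base on your needs" should read "based on your needs".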
Expand Down Expand Up @@ -430,22 +427,17 @@ The following table lists the configurable parameters of the SonarQube chart and
### OpenShift
| Parameter | Description | Default |
| --------------------- | -------------------------------------------------------------------------------------- | ------- |
| `OpenShift.enabled` | Define if this deployment is for OpenShift | `false` |
| `OpenShift.createSCC` | If this deployment is for OpenShift, define if SCC should be created for sonarqube pod | `true` |
### Route
| Parameter | Description | Default |
| ---------------------- | ----------------------------------------------------------------------------- | -------------------------- |
| `route.enabled` | Flag to enable OpenShift Route | `false` |
| `route.host` | Host that points to the service | `"sonarqube.your-org.com"` |
| `route.path` | Path that the router watches for, to route traffic for to the service | `"/"` |
| `route.tls` | TLS settings including termination type, certificates, insecure traffic, etc. | see `values.yaml` |
| `route.wildcardPolicy` | The wildcard policy that is allowed where this route is exposed | `None` |
| `route.annotations` | Optional field to add extra annotations to the route | `None` |
| `route.labels` | Route additional labels | `{}` |
| Parameter | Description | Default |
| -------------------------------- | --------------------------------------------------------------------------------------------------- | -------------------------- |
| `OpenShift.enabled` | Define if this deployment is for OpenShift | `false` |
| `OpenShift.createSCC` | (DEPRECATED) If this deployment is for OpenShift, define if SCC should be created for sonarqube pod | `false` |
| `OpenShift.route.enabled` | Flag to enable OpenShift Route | `false` |
| `OpenShift.route.host` | Host that points to the service | `"sonarqube.your-org.com"` |
| `OpenShift.route.path` | Path that the router watches for, to route traffic for to the service | `"/"` |
| `OpenShift.route.tls` | TLS settings including termination type, certificates, insecure traffic, etc. | see `values.yaml` |
| `OpenShift.route.wildcardPolicy` | The wildcard policy that is allowed where this route is exposed | `None` |
| `OpenShift.route.annotations` | Optional field to add extra annotations to the route | `None` |
| `OpenShift.route.labels` | Route additional labels | `{}` |
### HttpRoute
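Review bot: the `OpenShift.route.annotations` row documents the default as `None`, but values.yaml in this commit sets `annotations: {}` under `OpenShift.route`. Suggest `{}` in the table so it matches the `OpenShift.route.labels` row and the actual default. The `OpenShift.route.path` description also carries a stray word ("to route traffic for to the service") that could be fixed now that the rows are being rewritten.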
1 change: 0 additions & 1 deletion charts/sonarqube-dce/openshift-verifier/values.yaml
@@ -1,6 +1,5 @@
OpenShift:
enabled: true
createSCC: false

postgresql:
securityContext:
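Review bot: nothing in the lines shown for this verifier values file enables `OpenShift.route`, so the renamed `.Values.OpenShift.route.*` lookups in templates/route.yaml are not rendered by this check. Suggest adding `route.enabled: true` with a host under `OpenShift:` here, so a typo in the moved keys fails the verifier instead of surfacing on a user's cluster.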
14 changes: 7 additions & 7 deletions charts/sonarqube-dce/templates/route.yaml
@@ -1,32 +1,32 @@
{{- if and .Values.route.enabled .Values.OpenShift.enabled -}}
{{- if and .Values.OpenShift.route.enabled .Values.OpenShift.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
{{- include "sonarqube.labels" . | nindent 4 }}
{{- with .Values.route.labels }}
{{- with .Values.OpenShift.route.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.route.annotations }}
{{- with .Values.OpenShift.route.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.route.host }}
{{- with .Values.OpenShift.route.host }}
host: {{ . }}
{{- end }}
{{- with .Values.route.path }}
{{- with .Values.OpenShift.route.path }}
path: {{ . }}
{{- end }}
to:
kind: Service
name: {{ include "sonarqube.fullname" . }}
port:
targetPort: http
{{- with .Values.route.tls }}
{{- with .Values.OpenShift.route.tls }}
tls: {{- toYaml . | nindent 4 }}
{{- end -}}
{{- with .Values.route.wildcardPolicy }}
{{- with .Values.OpenShift.route.wildcardPolicy }}
wildcardPolicy: {{ . }}
{{- end -}}
{{- end -}}
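Review bot: the guard on the first line now reads only `.Values.OpenShift.route.enabled`, so a release upgraded with a values file that still sets top-level `route.enabled: true` renders no Route and reports no error, and Helm deletes the existing Route as part of the upgrade. Suggest adding a check that calls `fail` with a migration message when `.Values.route` is set, or honouring the old key for one release, so the loss of external exposure is not silent.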
43 changes: 21 additions & 22 deletions charts/sonarqube-dce/values.yaml
Expand Up @@ -413,11 +413,30 @@ ApplicationNodes:
nodeEncryption:
enabled: false

## Is this deployment for OpenShift? If so, we help with SCCs
## OpenShift specific configuration
OpenShift:
enabled: false
# (Deprecated) this parameter should not be needed anymore, we support Openshift SCCv2 by default when Openshift.enabled=true
createSCC: true
createSCC: false
route:
enabled: false
host: "sonarqube.your-org.com"
path: "/"
# Add tls section to secure traffic.
tls:
termination: edge
# certificate:
# key:
# caCertificate:
# insecureEdgeTerminationPolicy: Redirect
wildcardPolicy: None
annotations: {}
# See Openshift/OKD route annotation
# https://docs.openshift.com/container-platform/4.10/networking/routes/route-configuration.html#nw-route-specific-annotations_route-configuration
# haproxy.router.openshift.io/timeout: 1m
# Additional labels for Route manifest file
# labels:
# external: 'true'

# will be used as default for ingress path and probes path, will be injected in .Values.env as SONAR_WEB_CONTEXT
# if .Values.ApplicationNodes.env.SONAR_WEB_CONTEXT is set, this value will be ignored
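Review bot: changing `createSCC` from `true` to `false` under `OpenShift:` alters what an upgrade renders for releases that relied on the old default. Assuming the SCC template is gated on this value, the next `helm upgrade` without an explicit setting stops rendering the SCC and Helm removes it. The comment above the key only says the parameter "should not be needed anymore"; suggest extending it to state that clusters still depending on the chart-created SCC must set `OpenShift.createSCC: true` before upgrading.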
Expand Down Expand Up @@ -500,26 +519,6 @@ ingress:
# hosts:
# - chart-example.local

route:
enabled: false
host: "sonarqube.your-org.com"
path: "/"
# Add tls section to secure traffic.
tls:
termination: edge
# certificate:
# key:
# caCertificate:
# insecureEdgeTerminationPolicy: Redirect
wildcardPolicy: None
annotations: {}
# See Openshift/OKD route annotation
# https://docs.openshift.com/container-platform/4.10/networking/routes/route-configuration.html#nw-route-specific-annotations_route-configuration
# haproxy.router.openshift.io/timeout: 1m
# Additional labels for Route manifest file
# labels:
# external: 'true'

# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
2 changes: 2 additions & 0 deletions charts/sonarqube/CHANGELOG.md
Expand Up @@ -23,6 +23,8 @@ All changes to this chart will be documented in this file.
* Support SONAR_OPENSHIFT telemetry env_var
* Update helm chart repo path in sources
* Changed SONAR_OPENSHIFT to IS_HELM_OPENSHIFT_ENABLED
* Refactor Route to be subparameter of OpenShift
* Make OpenShift.createSCC false by default

## [10.6.0]
* Update SonarQube to 10.6.0
4 changes: 4 additions & 0 deletions charts/sonarqube/Chart.yaml
Expand Up @@ -74,6 +74,10 @@ annotations:
description: "Update helm chart repo path in sources"
- kind: changed
description: "Changed SONAR_OPENSHIFT to IS_HELM_OPENSHIFT_ENABLED"
- kind: changed
description: "Refactor Route to be subparameter of OpenShift"
- kind: changed
description: "Make OpenShift.createSCC false by default"
artifacthub.io/containsSecurityUpdates: "false"
artifacthub.io/images: |
- name: sonarqube
35 changes: 13 additions & 22 deletions charts/sonarqube/README.md
Expand Up @@ -206,7 +206,7 @@ If running on OpenShift, make sure your account has permissions to create PodMon

The chart can be installed on OpenShift by setting `OpenShift.enabled=true`. Among the others, please note that this value will disable the initContainer that performs the settings required by Elasticsearch (see [here](#elasticsearch-prerequisites)). Furthermore, we strongly recommend following the [Production Use Case guidelines](#production-use-case).

`Openshift.createSCC` is deprecated and should be set to `false`. The default securityContext, together with the production configurations described [above](#production-use-case), is compatible with restricted SCCv2.
Please note that `Openshift.createSCC` is deprecated and should be set to `false`. The default securityContext, together with the production configurations described [above](#production-use-case), is compatible with restricted SCCv2.

The below command will deploy SonarQube on the Openshift Kubernetes cluster. Please note this will use the embedded postgresql database and is not recommended for production.

Expand All @@ -217,13 +217,9 @@ kubectl create namespace sonarqube # If you dont have permissions to create the
helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube \
--set OpenShift.enabled=true \
--set postgresql.securityContext.enabled=false \
--set OpenShift.createSCC=false \
--set postgresql.containerSecurityContext.enabled=false
```

### Route definition

If you want to make your application publicly visible with Routes, you can set `route.enabled` to true. Please check the [configuration details](#route) to customize the Route base on your needs.
If you want to make your application publicly visible with Routes, you can set `OpenShift.route.enabled` to true. Please check the [configuration details](#openshift-1) to customize the Route base on your needs.

## Configuration

Expand Down Expand Up @@ -263,10 +259,17 @@ The following table lists the configurable parameters of the SonarQube chart and

### OpenShift

| Parameter | Description | Default |
| --------------------- | -------------------------------------------------------------------------------------- | ------- |
| `OpenShift.enabled` | Define if this deployment is for OpenShift | `false` |
| `OpenShift.createSCC` | If this deployment is for OpenShift, define if SCC should be created for sonarqube pod | `true` |
| Parameter | Description | Default |
| -------------------------------- | --------------------------------------------------------------------------------------------------- | -------------------------- |
| `OpenShift.enabled` | Define if this deployment is for OpenShift | `false` |
| `OpenShift.createSCC` | (DEPRECATED) If this deployment is for OpenShift, define if SCC should be created for sonarqube pod | `false` |
| `OpenShift.route.enabled` | Flag to enable OpenShift Route | `false` |
| `OpenShift.route.host` | Host that points to the service | `"sonarqube.your-org.com"` |
| `OpenShift.route.path` | Path that the router watches for, to route traffic for to the service | `"/"` |
| `OpenShift.route.tls` | TLS settings including termination type, certificates, insecure traffic, etc. | see `values.yaml` |
| `OpenShift.route.wildcardPolicy` | The wildcard policy that is allowed where this route is exposed | `None` |
| `OpenShift.route.annotations` | Optional field to add extra annotations to the route | `None` |
| `OpenShift.route.labels` | Route additional labels | `{}` |

### Image

Expand Down Expand Up @@ -319,18 +322,6 @@ The following table lists the configurable parameters of the SonarQube chart and
| `ingress.ingressClassName` | Optional field to configure ingress class name | `None` |
| `ingress.annotations` | Field to add extra annotations to the ingress | {`nginx.ingress.kubernetes.io/proxy-body-size: "64m"`} if `ingress-nginx.enabled=true or nginx.enabled=true` |

### Route

| Parameter | Description | Default |
| ---------------------- | ----------------------------------------------------------------------------- | -------------------------- |
| `route.enabled` | Flag to enable OpenShift Route | `false` |
| `route.host` | Host that points to the service | `"sonarqube.your-org.com"` |
| `route.path` | Path that the router watches for, to route traffic for to the service | `"/"` |
| `route.tls` | TLS settings including termination type, certificates, insecure traffic, etc. | see `values.yaml` |
| `route.wildcardPolicy` | The wildcard policy that is allowed where this route is exposed | `None` |
| `route.annotations` | Optional field to add extra annotations to the route | `None` |
| `route.labels` | Route additional labels | `{}` |

### HttpRoute

| Parameter | Description | Default |
1 change: 0 additions & 1 deletion charts/sonarqube/openshift-verifier/values.yaml
@@ -1,6 +1,5 @@
OpenShift:
enabled: true
createSCC: false

postgresql:
securityContext:
3 changes: 0 additions & 3 deletions charts/sonarqube/templates/NOTES.txt
Expand Up @@ -3,9 +3,6 @@
{{- range .Values.ingress.hosts }}
http://{{ .name }}
{{- end }}
{{- else if .Values.route.enabled }}
export ROUTE_HOST=$(kubectl get route {{ template "sonarqube.name" . }} --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.host}")
echo https://$ROUTE_HOST
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "sonarqube.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
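Review bot: NOTES.txt has no branch for Route-based installs once the `else if .Values.route.enabled` lines are gone, so a deployment exposed only through `OpenShift.route` falls through to the service-type branches such as NodePort and the post-install output does not show the Route URL. Suggest keeping the branch, guarded by `and .Values.OpenShift.enabled .Values.OpenShift.route.enabled`. If it is restored, look the Route up with `sonarqube.fullname`: templates/route.yaml names the Route with `sonarqube.fullname`, whereas the removed `kubectl get route` line used `sonarqube.name`.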
14 changes: 7 additions & 7 deletions charts/sonarqube/templates/route.yaml
@@ -1,32 +1,32 @@
{{- if and .Values.route.enabled .Values.OpenShift.enabled -}}
{{- if and .Values.OpenShift.route.enabled .Values.OpenShift.enabled -}}
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: {{ template "sonarqube.fullname" . }}
labels:
{{- include "sonarqube.labels" . | nindent 4 }}
{{- with .Values.route.labels }}
{{- with .Values.OpenShift.route.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.route.annotations }}
{{- with .Values.OpenShift.route.annotations }}
annotations: {{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.route.host }}
{{- with .Values.OpenShift.route.host }}
host: {{ . }}
{{- end }}
{{- with .Values.route.path }}
{{- with .Values.OpenShift.route.path }}
path: {{ . }}
{{- end }}
to:
kind: Service
name: {{ include "sonarqube.fullname" . }}
port:
targetPort: http
{{- with .Values.route.tls }}
{{- with .Values.OpenShift.route.tls }}
tls: {{- toYaml . | nindent 4 }}
{{- end -}}
{{- with .Values.route.wildcardPolicy }}
{{- with .Values.OpenShift.route.wildcardPolicy }}
wildcardPolicy: {{ . }}
{{- end -}}
{{- end -}}
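Review bot: the `with .Values.OpenShift.route.host` block emits `host:` whenever the value is non-empty, and the README table documents the default as `"sonarqube.your-org.com"`, so setting only `OpenShift.route.enabled=true` creates a Route that claims that placeholder hostname. Since the keys are being moved anyway, suggest defaulting `OpenShift.route.host` to an empty string so the `with` block is skipped and the platform assigns the host, or failing the render when the placeholder is left unchanged.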