Refactor standard chart to address authenticated requests for drivers
carminevassallo committed Oct 4, 2024
1 parent c799580 commit ac4b283
Showing 7 changed files with 59 additions and 33 deletions.
47 changes: 24 additions & 23 deletions charts/sonarqube/README.md
Expand Up @@ -445,32 +445,33 @@ The following table lists the configurable parameters of the SonarQube chart and

### Persistence

| Parameter | Description | Default |
| --------------------------- | ---------------------------------------------------------------------------- | --------------- |
| `persistence.enabled` | Flag for enabling persistent storage | `false` |
| `persistence.annotations` | Kubernetes pvc annotations | `{}` |
| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` |
| `persistence.storageClass` | Storage class to be used | `""` |
| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |
| `persistence.size` | Size of the volume | `5Gi` |
| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` |
| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` |
| `persistence.uid` | UID used for init-fs container | `1000` |
| `persistence.guid` | GUID used for init-fs container | `0` |
| `emptyDir` | Configuration of resources for `emptyDir` | `{}` |
| Parameter | Description | Default |
| --------------------------- | ------------------------------------------------- | --------------- |
| `persistence.enabled` | Flag for enabling persistent storage | `false` |
| `persistence.annotations` | Kubernetes pvc annotations | `{}` |
| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` |
| `persistence.storageClass` | Storage class to be used | `""` |
| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |
| `persistence.size` | Size of the volume | `5Gi` |
| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` |
| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` |
| `persistence.uid` | UID used for init-fs container | `1000` |
| `persistence.guid` | GUID used for init-fs container | `0` |
| `emptyDir` | Configuration of resources for `emptyDir` | `{}` |

### JDBC Overwrite

| Parameter | Description | Default |
| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------ |
| `jdbcOverwrite.enable` | (DEPRECATED) Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) ,Please use jdbcOverwrite.enabled instead | `false` |
| `jdbcOverwrite.enabled` | Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) | `false` |
| `jdbcOverwrite.jdbcUrl` | The JDBC url to connect the external DB | `jdbc:postgresql://myPostgress/myDatabase` |
| `jdbcOverwrite.jdbcUsername` | The DB user that should be used for the JDBC connection | `sonarUser` |
| `jdbcOverwrite.jdbcPassword` | The DB password that should be used for the JDBC connection (Use this if you don't mind the DB password getting stored in plain text within the values file) | `sonarPass` |
| `jdbcOverwrite.jdbcSecretName` | Alternatively, use a pre-existing k8s secret containing the DB password | `None` |
| `jdbcOverwrite.jdbcSecretPasswordKey` | If the pre-existing k8s secret is used this allows the user to overwrite the 'key' of the password property in the secret | `None` |
| `jdbcOverwrite.oracleJdbcDriverURL` | The URL of the Oracle JDBC driver to be downloaded | `None` |
| Parameter | Description | Default |
| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------ |
| `jdbcOverwrite.enable` | (DEPRECATED) Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) ,Please use jdbcOverwrite.enabled instead | `false` |
| `jdbcOverwrite.enabled` | Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) | `false` |
| `jdbcOverwrite.jdbcUrl` | The JDBC url to connect the external DB | `jdbc:postgresql://myPostgress/myDatabase` |
| `jdbcOverwrite.jdbcUsername` | The DB user that should be used for the JDBC connection | `sonarUser` |
| `jdbcOverwrite.jdbcPassword` | The DB password that should be used for the JDBC connection (Use this if you don't mind the DB password getting stored in plain text within the values file) | `sonarPass` |
| `jdbcOverwrite.jdbcSecretName` | Alternatively, use a pre-existing k8s secret containing the DB password | `None` |
| `jdbcOverwrite.jdbcSecretPasswordKey` | If the pre-existing k8s secret is used this allows the user to overwrite the 'key' of the password property in the secret | `None` |
| `jdbcOverwrite.oracleJdbcDriver.url` | The URL of the Oracle JDBC driver to be downloaded | `None` |
| `jdbcOverwrite.oracleJdbcDriver.netrcCreds` | Name of the secret containing .netrc file to use creds when downloading the Oracle JDBC driver | `None` |

### Bundled PostgreSQL Chart (DEPRECATED)

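Review bot: The `jdbcOverwrite.oracleJdbcDriver.netrcCreds` row in the JDBC Overwrite table does not say what the secret must contain. The volume definition in `_pod.tpl` reads the key `netrc` from it, so state that in the description (for example "Name of an existing secret whose `netrc` key holds the .netrc file used when downloading the Oracle JDBC driver"). The `jdbcOverwrite.oracleJdbcDriverURL` row is also dropped outright, whereas `jdbcOverwrite.enable` stays in the table marked (DEPRECATED); a matching deprecated row would tell upgrading users where the setting moved.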
16 changes: 14 additions & 2 deletions charts/sonarqube/templates/_pod.tpl
Expand Up @@ -220,7 +220,7 @@ spec:
{{- end }}
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
{{- if .Values.jdbcOverwrite.oracleJdbcDriverURL }}
{{- if .Values.jdbcOverwrite.oracleJdbcDriver }}
- name: install-oracle-jdbc-driver
image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
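Review bot: The new condition `{{- if .Values.jdbcOverwrite.oracleJdbcDriver }}` is true for any non-empty map, including one that sets only `netrcCreds` and no `url`. In that case the init container is still created and the install script runs `curl` with no URL to fetch. Gate on the `url` field instead (guarding the parent map first), so the container is only added when there is something to download.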
Expand All @@ -237,6 +237,10 @@ spec:
subPath: extensions/jdbc-driver/oracle
- name: install-oracle-jdbc-driver
mountPath: /tmp/scripts/
{{- if .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}
- name: oracle-jdbc-driver-netrc-file
mountPath: /root
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
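Review bot: The secret volume is mounted over the whole of `/root` in the `install-oracle-jdbc-driver` init container, which hides anything else in that directory and ties the setup to a root home directory, even though the script passes the path explicitly with `--netrc-file`. Mount it at a dedicated directory (or use `subPath: .netrc`), add `readOnly: true` to the mount, and point `--netrc-file` at that path.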
Expand Down Expand Up @@ -412,6 +416,14 @@ spec:
- key: netrc
path: .netrc
{{- end }}
{{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}
- name: oracle-jdbc-driver-netrc-file
secret:
secretName: {{ .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
{{- if and .Values.initSysctl.enabled (not .Values.OpenShift.enabled) }}
- name: init-sysctl
configMap:
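Review bot: In the new `{{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}` guard, `and` only short-circuits on Helm builds whose Go templates are 1.18 or later; older ones evaluate both arguments, and with `oracleJdbcDriver` unset (the default in `values.yaml`, where it is commented out) the second argument fails with a nil pointer error. Nest two `if` blocks or use `with .Values.jdbcOverwrite.oracleJdbcDriver` so the lookup is safe on every supported Helm version.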
Expand All @@ -436,7 +448,7 @@ spec:
- key: install_plugins.sh
path: install_plugins.sh
{{- end }}
{{- if .Values.jdbcOverwrite.oracleJdbcDriverURL }}
{{- if .Values.jdbcOverwrite.oracleJdbcDriver }}
- name: install-oracle-jdbc-driver
configMap:
name: {{ include "sonarqube.fullname" . }}-install-oracle-jdbc-driver
2 changes: 1 addition & 1 deletion charts/sonarqube/templates/init-fs.yaml
Expand Up @@ -9,7 +9,7 @@ data:
chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/data
chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/temp
chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/logs
{{- if or .Values.plugins.install .Values.jdbcOverwrite.oracleJdbcDriverURL }}
{{- if or .Values.plugins.install .Values.jdbcOverwrite.oracleJdbcDriver }}
chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/extensions
{{- end }}
{{- if .Values.caCerts.enabled }}
4 changes: 2 additions & 2 deletions charts/sonarqube/templates/install-oracle-jdbc-driver.yaml
@@ -1,4 +1,4 @@
{{- if .Values.jdbcOverwrite.oracleJdbcDriverURL }}
{{- if .Values.jdbcOverwrite.oracleJdbcDriver }}
apiVersion: v1
kind: ConfigMap
metadata:
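Review bot: The guard on the first line of this template now only looks at `jdbcOverwrite.oracleJdbcDriver`, so a values file that still sets `jdbcOverwrite.oracleJdbcDriverURL` renders no ConfigMap and no init container, and the driver silently stops being installed after an upgrade. Either fall back to the old key for a deprecation period or abort rendering with a `fail` message that names the new `oracleJdbcDriver.url` key.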
Expand All @@ -8,5 +8,5 @@ data:
install_oracle_jdbc_driver.sh: |-
rm -f {{ .Values.sonarqubeFolder }}/extensions/jdbc-driver/oracle/*
cd {{ .Values.sonarqubeFolder }}/extensions/jdbc-driver/oracle
curl {{- if .Values.caCerts.enabled}} --cacert /tmp/secrets/ca-certs/* {{- end}} -fsSLO {{ .Values.jdbcOverwrite.oracleJdbcDriverURL }}
curl {{- if .Values.caCerts.enabled }} --cacert /tmp/secrets/ca-certs/* {{- end}} {{ if $.Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}--netrc-file /root/.netrc{{ end }} -fsSLO {{ .Values.jdbcOverwrite.oracleJdbcDriver.url }}
{{- end }}
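Review bot: The `curl` line now attaches basic-auth credentials from `/root/.netrc`, but nothing restricts `oracleJdbcDriver.url` to HTTPS, and `-L` follows redirects. Add `--proto '=https' --proto-redir '=https'` when `netrcCreds` is set so the credentials cannot be sent over cleartext HTTP. The URL is also interpolated into the shell script unquoted; render it with `| squote` so characters such as `&` or `?` in a download URL are not interpreted by the shell.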
7 changes: 5 additions & 2 deletions charts/sonarqube/values.yaml
Expand Up @@ -515,8 +515,11 @@ jdbcOverwrite:
# jdbcSecretName: "sonarqube-jdbc"
## and the secretValueKey of the password found within that secret
# jdbcSecretPasswordKey: "jdbc-password"
# To install the oracle JDBC driver, set the following URL (in this example, we set the URL for the Oracle 11 driver. Please update it to your target driver URL.)
# oracleJdbcDriverURL: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar"
# To install the oracle JDBC driver, set the following URL (in this example, we set the URL for the Oracle 11 driver. Please update it to your target driver URL.).
# If downloading the driver requires authentication, please set the .netrc secret file with a key "netrc" to use basic auth.
# oracleJdbcDriver:
# url: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar"
# netrcCreds: ""

## (DEPRECATED) Configuration values for postgresql dependency
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md
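Review bot: In the commented `oracleJdbcDriver` block, `netrcCreds` holds the name of a Kubernetes secret, not credentials, while the neighbouring setting for the same kind of value is called `jdbcSecretName`. A name such as `netrcSecretName` would be consistent with that and harder to misread as a place for an inline password. The comment could also say that the secret must already exist in the release namespace, since the chart only references it.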
Expand Up @@ -121,7 +121,7 @@ data:
install_oracle_jdbc_driver.sh: |-
rm -f /opt/sonarqube/extensions/jdbc-driver/oracle/*
cd /opt/sonarqube/extensions/jdbc-driver/oracle
curl --cacert /tmp/secrets/ca-certs/* -fsSLO https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar
curl --cacert /tmp/secrets/ca-certs/* --netrc-file /root/.netrc -fsSLO https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar
---
# Source: sonarqube/templates/install-plugins.yaml
apiVersion: v1
Expand Down Expand Up @@ -508,7 +508,9 @@ spec:
name: sonarqube
subPath: extensions/jdbc-driver/oracle
- name: install-oracle-jdbc-driver
mountPath: /tmp/scripts/
mountPath: /tmp/scripts/
- name: oracle-jdbc-driver-netrc-file
mountPath: /root
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
env:
Expand Down Expand Up @@ -630,6 +632,12 @@ spec:
items:
- key: forticlient.crt
path: forticlient.crt
- name: oracle-jdbc-driver-netrc-file
secret:
secretName: test
items:
- key: netrc
path: .netrc
- name: init-sysctl
configMap:
name: ca-certificates-configmap.yaml-sonarqube-init-sysctl
Expand Up @@ -6,4 +6,6 @@ caCerts:
path: forticlient.crt

jdbcOverwrite:
oracleJdbcDriverURL: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar"
oracleJdbcDriver:
url: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar"
netrcCreds: "test"
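Review bot: This fixture sets both `url` and `netrcCreds`, so only the branch that emits `--netrc-file` is rendered. Add a case with `url` alone, and one with `oracleJdbcDriver` left unset, to cover the conditional mount, the `and` guard on the volume and the plain `curl` line.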
