diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md index d6934989e..3172f6daf 100644 --- a/charts/sonarqube/README.md +++ b/charts/sonarqube/README.md @@ -445,32 +445,33 @@ The following table lists the configurable parameters of the SonarQube chart and ### Persistence -| Parameter | Description | Default | -| --------------------------- | ---------------------------------------------------------------------------- | --------------- | -| `persistence.enabled` | Flag for enabling persistent storage | `false` | -| `persistence.annotations` | Kubernetes pvc annotations | `{}` | -| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` | -| `persistence.storageClass` | Storage class to be used | `""` | -| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` | -| `persistence.size` | Size of the volume | `5Gi` | -| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` | -| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` | -| `persistence.uid` | UID used for init-fs container | `1000` | -| `persistence.guid` | GUID used for init-fs container | `0` | -| `emptyDir` | Configuration of resources for `emptyDir` | `{}` | +| Parameter | Description | Default | +| --------------------------- | ------------------------------------------------- | --------------- | +| `persistence.enabled` | Flag for enabling persistent storage | `false` | +| `persistence.annotations` | Kubernetes pvc annotations | `{}` | +| `persistence.existingClaim` | Do not create a new PVC but use this one | `None` | +| `persistence.storageClass` | Storage class to be used | `""` | +| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` | +| `persistence.size` | Size of the volume | `5Gi` | +| `persistence.volumes` | (DEPRECATED) Please use extraVolumes instead | `[]` | +| `persistence.mounts` | (DEPRECATED) Please use extraVolumeMounts instead | `[]` | +| `persistence.uid` | UID used for init-fs container | `1000` | +| `persistence.guid` | GUID used for init-fs container | `0` | +| `emptyDir` | Configuration of resources for `emptyDir` | `{}` | ### JDBC Overwrite -| Parameter | Description | Default | -| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------ | -| `jdbcOverwrite.enable` | (DEPRECATED) Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) ,Please use jdbcOverwrite.enabled instead | `false` | -| `jdbcOverwrite.enabled` | Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) | `false` | -| `jdbcOverwrite.jdbcUrl` | The JDBC url to connect the external DB | `jdbc:postgresql://myPostgress/myDatabase` | -| `jdbcOverwrite.jdbcUsername` | The DB user that should be used for the JDBC connection | `sonarUser` | -| `jdbcOverwrite.jdbcPassword` | The DB password that should be used for the JDBC connection (Use this if you don't mind the DB password getting stored in plain text within the values file) | `sonarPass` | -| `jdbcOverwrite.jdbcSecretName` | Alternatively, use a pre-existing k8s secret containing the DB password | `None` | -| `jdbcOverwrite.jdbcSecretPasswordKey` | If the pre-existing k8s secret is used this allows the user to overwrite the 'key' of the password property in the secret | `None` | -| `jdbcOverwrite.oracleJdbcDriverURL` | The URL of the Oracle JDBC driver to be downloaded | `None` | +| Parameter | Description | Default | +| ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------ | +| `jdbcOverwrite.enable` | (DEPRECATED) Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) ,Please use jdbcOverwrite.enabled instead | `false` | +| `jdbcOverwrite.enabled` | Enable JDBC overwrites for external Databases (disables `postgresql.enabled`) | `false` | +| `jdbcOverwrite.jdbcUrl` | The JDBC url to connect the external DB | `jdbc:postgresql://myPostgress/myDatabase` | +| `jdbcOverwrite.jdbcUsername` | The DB user that should be used for the JDBC connection | `sonarUser` | +| `jdbcOverwrite.jdbcPassword` | The DB password that should be used for the JDBC connection (Use this if you don't mind the DB password getting stored in plain text within the values file) | `sonarPass` | +| `jdbcOverwrite.jdbcSecretName` | Alternatively, use a pre-existing k8s secret containing the DB password | `None` | +| `jdbcOverwrite.jdbcSecretPasswordKey` | If the pre-existing k8s secret is used this allows the user to overwrite the 'key' of the password property in the secret | `None` | +| `jdbcOverwrite.oracleJdbcDriver.url` | The URL of the Oracle JDBC driver to be downloaded | `None` | +| `jdbcOverwrite.oracleJdbcDriver.netrcCreds` | Name of the secret containing .netrc file to use creds when downloading the Oracle JDBC driver | `None` | ### Bundled PostgreSQL Chart (DEPRECATED) diff --git a/charts/sonarqube/templates/_pod.tpl b/charts/sonarqube/templates/_pod.tpl index 55e81fe86..66f509cf6 100644 --- a/charts/sonarqube/templates/_pod.tpl +++ b/charts/sonarqube/templates/_pod.tpl @@ -220,7 +220,7 @@ spec: {{- end }} {{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }} {{- end }} - {{- if .Values.jdbcOverwrite.oracleJdbcDriverURL }} + {{- if .Values.jdbcOverwrite.oracleJdbcDriver }} - name: install-oracle-jdbc-driver image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -237,6 +237,10 @@ spec: subPath: extensions/jdbc-driver/oracle - name: install-oracle-jdbc-driver mountPath: /tmp/scripts/ + {{- if .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }} + - name: oracle-jdbc-driver-netrc-file + mountPath: /root + {{- end }} {{- if .Values.caCerts.enabled }} - mountPath: /tmp/secrets/ca-certs name: ca-certs @@ -412,6 +416,14 @@ spec: - key: netrc path: .netrc {{- end }} + {{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }} + - name: oracle-jdbc-driver-netrc-file + secret: + secretName: {{ .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }} + items: + - key: netrc + path: .netrc + {{- end }} {{- if and .Values.initSysctl.enabled (not .Values.OpenShift.enabled) }} - name: init-sysctl configMap: @@ -436,7 +448,7 @@ spec: - key: install_plugins.sh path: install_plugins.sh {{- end }} - {{- if .Values.jdbcOverwrite.oracleJdbcDriverURL }} + {{- if .Values.jdbcOverwrite.oracleJdbcDriver }} - name: install-oracle-jdbc-driver configMap: name: {{ include "sonarqube.fullname" . }}-install-oracle-jdbc-driver diff --git a/charts/sonarqube/templates/init-fs.yaml b/charts/sonarqube/templates/init-fs.yaml index 96a849b1c..c37ece60f 100644 --- a/charts/sonarqube/templates/init-fs.yaml +++ b/charts/sonarqube/templates/init-fs.yaml @@ -9,7 +9,7 @@ data: chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/data chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/temp chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/logs - {{- if or .Values.plugins.install .Values.jdbcOverwrite.oracleJdbcDriverURL }} + {{- if or .Values.plugins.install .Values.jdbcOverwrite.oracleJdbcDriver }} chown -R {{ .Values.persistence.uid }}:{{ .Values.persistence.guid }} {{ .Values.sonarqubeFolder }}/extensions {{- end }} {{- if .Values.caCerts.enabled }} diff --git a/charts/sonarqube/templates/install-oracle-jdbc-driver.yaml b/charts/sonarqube/templates/install-oracle-jdbc-driver.yaml index ab2f3019e..2297c4f9e 100644 --- a/charts/sonarqube/templates/install-oracle-jdbc-driver.yaml +++ b/charts/sonarqube/templates/install-oracle-jdbc-driver.yaml @@ -1,4 +1,4 @@ -{{- if .Values.jdbcOverwrite.oracleJdbcDriverURL }} +{{- if .Values.jdbcOverwrite.oracleJdbcDriver }} apiVersion: v1 kind: ConfigMap metadata: @@ -8,5 +8,5 @@ data: install_oracle_jdbc_driver.sh: |- rm -f {{ .Values.sonarqubeFolder }}/extensions/jdbc-driver/oracle/* cd {{ .Values.sonarqubeFolder }}/extensions/jdbc-driver/oracle - curl {{- if .Values.caCerts.enabled}} --cacert /tmp/secrets/ca-certs/* {{- end}} -fsSLO {{ .Values.jdbcOverwrite.oracleJdbcDriverURL }} + curl {{- if .Values.caCerts.enabled }} --cacert /tmp/secrets/ca-certs/* {{- end}} {{ if $.Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}--netrc-file /root/.netrc{{ end }} -fsSLO {{ .Values.jdbcOverwrite.oracleJdbcDriver.url }} {{- end }} diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml index 5503f8c2c..8788e7cfa 100644 --- a/charts/sonarqube/values.yaml +++ b/charts/sonarqube/values.yaml @@ -515,8 +515,11 @@ jdbcOverwrite: # jdbcSecretName: "sonarqube-jdbc" ## and the secretValueKey of the password found within that secret # jdbcSecretPasswordKey: "jdbc-password" - # To install the oracle JDBC driver, set the following URL (in this example, we set the URL for the Oracle 11 driver. Please update it to your target driver URL.) - # oracleJdbcDriverURL: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar" + # To install the oracle JDBC driver, set the following URL (in this example, we set the URL for the Oracle 11 driver. Please update it to your target driver URL.). + # If downloading the driver requires authentication, please set the .netrc secret file with a key "netrc" to use basic auth. + # oracleJdbcDriver: + # url: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar" + # netrcCreds: "" ## (DEPRECATED) Configuration values for postgresql dependency ## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/README.md diff --git a/tests/unit-compatibility-test/fixtures/sonarqube/ca-certificates-configmap.yaml b/tests/unit-compatibility-test/fixtures/sonarqube/ca-certificates-configmap.yaml index d93805202..2f69d939c 100644 --- a/tests/unit-compatibility-test/fixtures/sonarqube/ca-certificates-configmap.yaml +++ b/tests/unit-compatibility-test/fixtures/sonarqube/ca-certificates-configmap.yaml @@ -121,7 +121,7 @@ data: install_oracle_jdbc_driver.sh: |- rm -f /opt/sonarqube/extensions/jdbc-driver/oracle/* cd /opt/sonarqube/extensions/jdbc-driver/oracle - curl --cacert /tmp/secrets/ca-certs/* -fsSLO https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar + curl --cacert /tmp/secrets/ca-certs/* --netrc-file /root/.netrc -fsSLO https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar --- # Source: sonarqube/templates/install-plugins.yaml apiVersion: v1 @@ -508,7 +508,9 @@ spec: name: sonarqube subPath: extensions/jdbc-driver/oracle - name: install-oracle-jdbc-driver - mountPath: /tmp/scripts/ + mountPath: /tmp/scripts/ + - name: oracle-jdbc-driver-netrc-file + mountPath: /root - mountPath: /tmp/secrets/ca-certs name: ca-certs env: @@ -630,6 +632,12 @@ spec: items: - key: forticlient.crt path: forticlient.crt + - name: oracle-jdbc-driver-netrc-file + secret: + secretName: test + items: + - key: netrc + path: .netrc - name: init-sysctl configMap: name: ca-certificates-configmap.yaml-sonarqube-init-sysctl diff --git a/tests/unit-compatibility-test/sonarqube/ca-certificates-configmap.yaml b/tests/unit-compatibility-test/sonarqube/ca-certificates-configmap.yaml index c3fb85ad3..c9ed70c23 100644 --- a/tests/unit-compatibility-test/sonarqube/ca-certificates-configmap.yaml +++ b/tests/unit-compatibility-test/sonarqube/ca-certificates-configmap.yaml @@ -6,4 +6,6 @@ caCerts: path: forticlient.crt jdbcOverwrite: - oracleJdbcDriverURL: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar" + oracleJdbcDriver: + url: "https://download.oracle.com/otn-pub/otn_software/jdbc/2113/ojdbc11.jar" + netrcCreds: "test"