Fix plugin download issue for StatefulSet chart (#113)

* Fix plugin download issue for StatefulSet chart Downloading of plugins fail since the plugin init container is not allowed to write the downloaded plugin into the download directory. If setting values for plugins: runAsUser and runAsGroup to 0 the download works. But, when SonarQube container starts up it doesn't have the permissions to move the plugins in to the correct folder. This fix solve the issue so the default user-id 1000 can download the plugin and SonarQube container then have the permissions to move the downloaded files. This issue has been fixed in the deployment.yaml file but must have been missed for the stateful set.
SonarSource · Nov 16, 2021 · c57acfe · c57acfe
1 parent ea11497
commit c57acfe
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
@@ -1,9 +1,13 @@
 # SonarQube Chart Changelog
 All changes to this chart will be documented in this file.
 
-# [1.1.10]
+## [1.1.11]
+* fixed missing POD level security context for statefulset deployment
+
+## [1.1.10]
 * added link to community support forum
 * Use liveness endpoint instead of helth endpoint for liveness probe
+
 ## [1.1.9]
 * fixed wrong scc user reference if name was explicitly set 
 

diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: sonarqube
 description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow.
-version: 1.1.10
+version: 1.1.11
 appVersion: 9.1.0
 keywords:
   - coverage
@@ -25,6 +25,8 @@ annotations:
       description: "added link to community support forum"
     - kind: changed
       description: "Use liveness endpoint instead of helth endpoint for liveness probe"
+    - kind: fixed
+      description: "fixed missing POD level security context for stateful-set deployment"
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube

diff --git a/charts/sonarqube/templates/sonarqube-sts.yaml b/charts/sonarqube/templates/sonarqube-sts.yaml
@@ -45,6 +45,8 @@ spec:
       {{- end }}
 {{- end }}
     spec:
+      securityContext:
+{{ toYaml .Values.securityContext | indent 8 }}
       {{- if .Values.image.pullSecret }}
       imagePullSecrets:
         - name: {{ .Values.image.pullSecret }}