diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md
index 6cb372061..34683cfed 100644
--- a/charts/sonarqube-dce/CHANGELOG.md
+++ b/charts/sonarqube-dce/CHANGELOG.md
@@ -26,6 +26,7 @@ All changes to this chart will be documented in this file.
 * Refactor Route to be subparameter of OpenShift
 * Make OpenShift.createSCC false by default
 * Support ApplicationNodes.extraVolumes and ApplicationNodes.extraVolumeMounts
+* Ensure kubernetes.io/version label is smaller than 63 chars
 ## [10.6.0]
 * Upgrade SonarQube to 10.6.0
diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml
index 27a847ce7..7f8ea6e19 100644
--- a/charts/sonarqube-dce/Chart.yaml
+++ b/charts/sonarqube-dce/Chart.yaml
@@ -77,6 +77,8 @@ annotations:
 description: "Make OpenShift.createSCC false by default"
 - kind: added
 description: "Support ApplicationNodes.extraVolumes and ApplicationNodes.extraVolumeMounts"
+ - kind: added
+ description: "Ensure kubernetes.io/version label is smaller than 63 chars"
 artifacthub.io/links: |
 - name: support
 url: https://community.sonarsource.com/
diff --git a/charts/sonarqube-dce/templates/sonarqube-application.yaml b/charts/sonarqube-dce/templates/sonarqube-application.yaml
index e8837d4b8..b79759c09 100644
--- a/charts/sonarqube-dce/templates/sonarqube-application.yaml
+++ b/charts/sonarqube-dce/templates/sonarqube-application.yaml
@@ -13,7 +13,7 @@ metadata:
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: sonarqube
 app.kubernetes.io/component: {{ template "sonarqube.fullname" . }}
- app.kubernetes.io/version: {{ .Values.ApplicationNodes.image.tag | quote }}
+ app.kubernetes.io/version: {{ (tpl .Values.ApplicationNodes.image.tag .) | trunc 63 | trimSuffix "-" | quote }}
 spec:
 {{- if not .Values.ApplicationNodes.hpa.enabled }}
 replicas: {{ .Values.ApplicationNodes.replicaCount }}
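Review bot: The new `trunc 63 | trimSuffix "-"` pipeline on `app.kubernetes.io/version` only bounds the length and does not make the result a valid label value; the fixture rendered in this same commit shows it as `"lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef8"`, which still contains `@` and `:`. Kubernetes label values accept only alphanumerics, `-`, `_` and `.` and must begin and end with an alphanumeric, so a digest-pinned tag would presumably still be rejected by the API server even though `helm template` renders it, and the cut-off digest no longer identifies the image, so it should not be relied on for provenance checks. Consider labelling only the part before `@` and trimming both ends, e.g. `{{ splitList "@" (tpl .Values.ApplicationNodes.image.tag .) | first | trunc 63 | trimAll "-_." | quote }}`, and keeping the full digest in an annotation if it is needed. The same pipeline is repeated in the sonarqube-search.yaml hunk and in the `_helpers.tpl` hunk of the sonarqube chart, so the change applies there as well.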
diff --git a/charts/sonarqube-dce/templates/sonarqube-search.yaml b/charts/sonarqube-dce/templates/sonarqube-search.yaml
index 9b7ffe72c..2df9dd7da 100644
--- a/charts/sonarqube-dce/templates/sonarqube-search.yaml
+++ b/charts/sonarqube-dce/templates/sonarqube-search.yaml
@@ -13,7 +13,7 @@ metadata:
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: sonarqube
 app.kubernetes.io/component: {{ template "sonarqube.fullname" . }}
- app.kubernetes.io/version: {{ .Values.searchNodes.image.tag | quote }}
+ app.kubernetes.io/version: {{ (tpl .Values.searchNodes.image.tag .) | trunc 63 | trimSuffix "-" | quote }}
 spec:
 podManagementPolicy : Parallel
 replicas: {{ .Values.searchNodes.replicaCount }}
diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
index 2656d3d0b..d1c2276ad 100644
--- a/charts/sonarqube/CHANGELOG.md
+++ b/charts/sonarqube/CHANGELOG.md
@@ -27,6 +27,7 @@ All changes to this chart will be documented in this file.
 * Refactor Route to be subparameter of OpenShift
 * Make OpenShift.createSCC false by default
 * Deprecate peristence.volumes and persistence.mounts in favor or extraVolumes and extraVolumeMounts
+* Ensure kubernetes.io/version label is smaller than 63 chars
 ## [10.6.0]
 * Update SonarQube to 10.6.0
diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml
index 9071d598e..2c2701a6b 100644
--- a/charts/sonarqube/Chart.yaml
+++ b/charts/sonarqube/Chart.yaml
@@ -82,6 +82,8 @@ annotations:
 description: "Make OpenShift.createSCC false by default"
 - kind: changed
 description: "Deprecate peristence.volumes and persistence.mounts in favor or extraVolumes and extraVolumeMounts"
+ - kind: added
+ description: "Ensure kubernetes.io/version label is smaller than 63 chars"
 artifacthub.io/containsSecurityUpdates: "false"
 artifacthub.io/images: |
 - name: sonarqube
diff --git a/charts/sonarqube/templates/_helpers.tpl b/charts/sonarqube/templates/_helpers.tpl
index 46fce5c8b..5bd376be1 100644
--- a/charts/sonarqube/templates/_helpers.tpl
+++ b/charts/sonarqube/templates/_helpers.tpl
@@ -46,7 +46,7 @@ app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/part-of: sonarqube
 app.kubernetes.io/component: {{ include "sonarqube.fullname" . }}
-app.kubernetes.io/version: {{ tpl .Values.image.tag . | quote }}
+app.kubernetes.io/version: {{ (tpl .Values.image.tag .) | trunc 63 | trimSuffix "-" | quote }}
 {{- end -}}
 {{/*
diff --git a/tests/unit-compatibility-test/fixtures/sonarqube-dce/custom-image-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube-dce/custom-image-values.yaml
new file mode 100644
index 000000000..9b9ca50d4
--- /dev/null
+++ b/tests/unit-compatibility-test/fixtures/sonarqube-dce/custom-image-values.yaml
@@ -0,0 +1,982 @@ +--- +# Source: sonarqube-dce/templates/pod-disruption-budget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: custom-image-values.yaml-sonarqube-dce-search + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +spec: + minAvailable: 2 + + selector: + matchLabels: + sonarqube.datacenter/type: "search" +--- +# Source: sonarqube-dce/templates/pod-disruption-budget.yaml +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: custom-image-values.yaml-sonarqube-dce-app + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +spec: + minAvailable: 1 + + selector: + matchLabels: + sonarqube.datacenter/type: "app" +--- +# Source: sonarqube-dce/charts/postgresql/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + namespace: default +type: Opaque +data: + postgresql-postgres-password: "dG90bw==" + postgresql-password: "c29uYXJQYXNz" +--- +# Source: sonarqube-dce/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: custom-image-values.yaml-sonarqube-dce-monitoring-passcode + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +type: Opaque +data: + SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0" +--- +# Source: sonarqube-dce/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: custom-image-values.yaml-sonarqube-dce-jwt + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +type: Opaque +data: + SONAR_AUTH_JWTBASE64HS256SECRET: "" +--- +# Source: sonarqube-dce/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: 
+ name: custom-image-values.yaml-sonarqube-dce-http-proxies + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +type: Opaque +stringData: + PLUGINS-HTTP-PROXY: "" + PLUGINS-HTTPS-PROXY: "" + PLUGINS-NO-PROXY: "" + PROMETHEUS-EXPORTER-HTTP-PROXY: "" + PROMETHEUS-EXPORTER-HTTPS-PROXY: "" + PROMETHEUS-EXPORTER-NO-PROXY: "" +--- +# Source: sonarqube-dce/templates/config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-dce-app-config + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + sonar.properties: | +--- +# Source: sonarqube-dce/templates/config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-dce-search-config + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + sonar.properties: | +--- +# Source: sonarqube-dce/templates/init-fs.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-dce-init-fs + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + init_fs.sh: |- + chown -R 1000:0 /opt/sonarqube/data + chown -R 1000:0 /opt/sonarqube/temp + chown -R 1000:0 /opt/sonarqube/logs +--- +# Source: sonarqube-dce/templates/init-sysctl.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-dce-init-sysctl + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + init_sysctl.sh: |- + if [[ "$(sysctl -n vm.max_map_count)" -lt 524288 ]]; then + sysctl -w vm.max_map_count=524288 + fi + if [[ "$(sysctl -n fs.file-max)" -lt 131072 ]]; then + sysctl -w fs.file-max=131072 + fi + if [[ "$(ulimit -n)" != "unlimited" ]]; then + if [[ "$(ulimit -n)" -lt 131072 ]]; then + echo "ulimit -n 131072" + 
ulimit -n 131072 + fi + fi + if [[ "$(ulimit -u)" != "unlimited" ]]; then + if [[ "$(ulimit -u)" -lt 8192 ]]; then + echo "ulimit -u 8192" + ulimit -u 8192 + fi + fi +--- +# Source: sonarqube-dce/templates/install-plugins.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-dce-install-plugins + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + install_plugins.sh: |- +--- +# Source: sonarqube-dce/templates/jdbc-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-dce-jdbc-config + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + SONAR_JDBC_USERNAME: "sonarUser" + SONAR_JDBC_URL: "jdbc:postgresql://custom-image-values.yaml-postgresql:5432/sonarDB" +--- +# Source: sonarqube-dce/charts/postgresql/templates/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-postgresql-headless + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + namespace: default +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. 
+ publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml +--- +# Source: sonarqube-dce/charts/postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + annotations: + namespace: default +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml + role: primary +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-sonarqube-dce + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm + +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: http + protocol: TCP + name: http + selector: + app: sonarqube-dce + release: custom-image-values.yaml +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-sonarqube-dce-headless + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm + +spec: + type: ClusterIP + clusterIP: None + publishNotReadyAddresses: true + ports: + - port: 9003 + targetPort: hazelcast + protocol: TCP + name: hazelcast + selector: + app: sonarqube-dce + release: custom-image-values.yaml +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-sonarqube-dce-search + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm + +spec: + type: 
ClusterIP + ports: + - port: 9001 + targetPort: search-port + protocol: TCP + name: search + - port: 9002 + targetPort: es-port + protocol: TCP + name: es + selector: + app: sonarqube-dce-search + release: custom-image-values.yaml +--- +# Source: sonarqube-dce/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-sonarqube-dce-search-headless + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm + +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + - port: 9001 + targetPort: search-port + protocol: TCP + name: search + - port: 9002 + targetPort: es-port + protocol: TCP + name: es + selector: + app: sonarqube-dce-search + release: custom-image-values.yaml +--- +# Source: sonarqube-dce/templates/sonarqube-application.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: custom-image-values.yaml-sonarqube-dce-app + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm + app.kubernetes.io/name: custom-image-values.yaml + sonarqube.datacenter/type: "app" + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: sonarqube + app.kubernetes.io/component: custom-image-values.yaml-sonarqube-dce + app.kubernetes.io/version: "lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef8" +spec: + replicas: 2 + revisionHistoryLimit: + strategy: + type: Recreate + selector: + matchLabels: + app: sonarqube-dce + release: custom-image-values.yaml + template: + metadata: + labels: + app: sonarqube-dce + release: custom-image-values.yaml + sonarqube.datacenter/type: "app" + annotations: + checksum/plugins: 18f34903a7e3fbd5204e01fc5826079bca6230e84c762f1ab181b93c4f917369 + checksum/config: d77ef5d3374c3d37902e28e417d7ec5dfa6b8054015b2ab14d904f8e8c25e604 + checksum/secret: c7ceeff60c9b9fa00302fd247b713e8e5066b04c80e8b38fb4a7287c067df8a4 
+ spec: + automountServiceAccountToken: false + initContainers: + - name: "wait-for-db" + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + resources: + {} + command: ["/bin/bash", "-c"] + args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/custom-image-values.yaml-postgresql/5432) && exit 0; sleep 2;done; exit 1'] + securityContext: + fsGroup: 0 + containers: + - name: sonarqube-dce + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9000 + protocol: TCP + - name: hazelcast + containerPort: 9003 + protocol: TCP + resources: + limits: + cpu: 800m + ephemeral-storage: 512000M + memory: 4096M + requests: + cpu: 400m + ephemeral-storage: 1536M + memory: 4096M + env: + - name: SONAR_WEB_CONTEXT + value: / + - name: SONAR_WEB_JAVAOPTS + value: "" + - name: SONAR_CE_JAVAOPTS + value: "" + - name: SONAR_HELM_CHART_VERSION + value: 10.7.0 + - name: SONAR_LOG_JSONOUTPUT + value: "false" + - name: SONAR_CLUSTER_SEARCH_HOSTS + value: "custom-image-values.yaml-sonarqube-dce-search" + - name: SONAR_CLUSTER_KUBERNETES + value: "true" + - name: SONAR_CLUSTER_NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SONAR_CLUSTER_HOSTS + value: "custom-image-values.yaml-sonarqube-dce-headless" + - name: SONAR_AUTH_JWTBASE64HS256SECRET + valueFrom: + secretKeyRef: + name: "custom-image-values.yaml-sonarqube-dce-jwt" + key: SONAR_AUTH_JWTBASE64HS256SECRET + - name: SONAR_JDBC_PASSWORD + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-postgresql + key: postgresql-password + - name: SONAR_WEB_SYSTEMPASSCODE + valueFrom: + 
secretKeyRef: + name: custom-image-values.yaml-sonarqube-dce-monitoring-passcode + key: SONAR_WEB_SYSTEMPASSCODE + envFrom: + - configMapRef: + name: custom-image-values.yaml-sonarqube-dce-jdbc-config + livenessProbe: + exec: + command: + - sh + - -c + - | + host="$(hostname -i || echo '127.0.0.1')" + wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:9000/api/system/liveness" + failureThreshold: 6 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING + # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. + host="$(hostname -i || echo '127.0.0.1')" + if wget --no-proxy -qO- http://${host}:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then + exit 0 + fi + exit 1 + failureThreshold: 8 + initialDelaySeconds: 0 + periodSeconds: 30 + timeoutSeconds: 1 + startupProbe: + httpGet: + scheme: HTTP + path: /api/system/status + port: http + initialDelaySeconds: 45 + periodSeconds: 10 + failureThreshold: 32 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/sonarqube/data + name: sonarqube + subPath: data + - mountPath: /opt/sonarqube/temp + name: sonarqube + subPath: temp + - mountPath: /opt/sonarqube/logs + name: sonarqube + subPath: logs + - mountPath: /tmp + name: tmp-dir + serviceAccountName: default + volumes: + + - name: install-plugins + configMap: + name: custom-image-values.yaml-sonarqube-dce-install-plugins + items: + - key: install_plugins.sh + path: install_plugins.sh + - name: sonarqube + 
emptyDir: + {} + - name : tmp-dir + emptyDir: + {} +--- +# Source: sonarqube-dce/charts/postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: primary + annotations: + namespace: default +spec: + serviceName: custom-image-values.yaml-postgresql-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml + role: primary + template: + metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + role: primary + app.kubernetes.io/component: primary + spec: + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/component: primary + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + automountServiceAccountToken: false + containers: + - name: custom-image-values.yaml-postgresql + image: docker.io/bitnami/postgresql:11.14.0-debian-10-r22 + imagePullPolicy: "IfNotPresent" + resources: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: 
POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-postgresql + key: postgresql-postgres-password + - name: POSTGRES_USER + value: "sonarUser" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-postgresql + key: postgresql-password + - name: POSTGRES_DB + value: "sonarDB" + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + subPath: + volumes: + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "20Gi" +--- +# Source: sonarqube-dce/templates/sonarqube-search.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: 
custom-image-values.yaml-sonarqube-dce-search + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm + app.kubernetes.io/name: "custom-image-values.yaml" + sonarqube.datacenter/type: "search" + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: sonarqube + app.kubernetes.io/component: custom-image-values.yaml-sonarqube-dce + app.kubernetes.io/version: "lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef8" +spec: + podManagementPolicy : Parallel + replicas: 3 + serviceName: custom-image-values.yaml-sonarqube-dce-search + selector: + matchLabels: + app: sonarqube-dce-search + release: custom-image-values.yaml + volumeClaimTemplates: + - metadata: + name: custom-image-values.yaml-sonarqube-dce + labels: + release: custom-image-values.yaml + chart: "sonarqube-dce" + app: "custom-image-values.yaml-sonarqube-dce" + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "5Gi" + template: + metadata: + labels: + app: sonarqube-dce-search + release: custom-image-values.yaml + sonarqube.datacenter/type: "search" + annotations: + checksum/init-sysctl: d11db4125b1ba516ba4c3b2d6647c87757febd6d9927621376010166652e66f5 + checksum/init-fs: 31b9c83afbad653044a79acdad136f3c4ab608eadd01923a750a1ac3ad7b0235 + checksum/config: d77ef5d3374c3d37902e28e417d7ec5dfa6b8054015b2ab14d904f8e8c25e604 + checksum/secret: c7ceeff60c9b9fa00302fd247b713e8e5066b04c80e8b38fb4a7287c067df8a4 + spec: + automountServiceAccountToken: false + initContainers: + - name: init-sysctl + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + readOnlyRootFilesystem: true + runAsUser: 0 + resources: + {} + command: ["/bin/bash", + "-e", + "/tmp/scripts/init_sysctl.sh"] + volumeMounts: + - name: init-sysctl + mountPath: /tmp/scripts/ + - 
name: init-fs + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + securityContext: + capabilities: + add: + - CHOWN + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + seccompProfile: + type: RuntimeDefault + resources: + {} + command: ["sh", + "-ex", + "/tmp/scripts/init_fs.sh"] + volumeMounts: + - name: init-fs + mountPath: /tmp/scripts/ + - mountPath: /opt/sonarqube/certs + name: "custom-image-values.yaml-sonarqube-dce" + subPath: certs + - mountPath: /opt/sonarqube/data + name: "custom-image-values.yaml-sonarqube-dce" + subPath: data + - mountPath: /opt/sonarqube/temp + name: "custom-image-values.yaml-sonarqube-dce" + subPath: temp + - mountPath: /opt/sonarqube/logs + name: "custom-image-values.yaml-sonarqube-dce" + subPath: logs + - mountPath: /tmp + name: tmp-dir + securityContext: + fsGroup: 0 + containers: + - name: sonarqube-dce-search + image: "sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7" + imagePullPolicy: IfNotPresent + ports: + - name: search-port + containerPort: 9001 + protocol: TCP + - name: es-port + containerPort: 9002 + protocol: TCP + resources: + limits: + cpu: 800m + ephemeral-storage: 512000M + memory: 3072M + requests: + cpu: 400m + ephemeral-storage: 1536M + memory: 3072M + env: + - name: SONAR_LOG_JSONOUTPUT + value: "false" + - name: SONAR_CLUSTER_ES_HOSTS + value: "custom-image-values.yaml-sonarqube-dce-search-0,custom-image-values.yaml-sonarqube-dce-search-1,custom-image-values.yaml-sonarqube-dce-search-2," + - name: SONAR_CLUSTER_ES_DISCOVERY_SEED_HOSTS + value: "custom-image-values.yaml-sonarqube-dce-search-headless" + - name: SONAR_CLUSTER_NODE_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + livenessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube search node container is considered live if 
http call returns 200 + host="$(hostname -i || echo '127.0.0.1')" + if wget --auth-no-challenge --no-proxy -qO- "http://${host}:9001/_cluster/health?local=true" | grep -q -e '"status":"green"' -e '"status":"yellow"'; then + exit 0 + fi + exit 1 + initialDelaySeconds: 0 + periodSeconds: 30 + failureThreshold: 6 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube search node container is considered ready if the status of embedded ES is green or yellow + host="$(hostname -i || echo '127.0.0.1')" + if wget --auth-no-challenge --no-proxy -qO- "http://${host}:9001/_cluster/health?wait_for_status=yellow&timeout=50s" | grep -q -e '"status":"green"' -e '"status":"yellow"'; then + exit 0 + fi + exit 1 + initialDelaySeconds: 0 + periodSeconds: 30 + failureThreshold: 6 + timeoutSeconds: 1 + startupProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube search node container is considered started if http call returns 200 + host="$(hostname -i || echo '127.0.0.1')" + if wget --auth-no-challenge --no-proxy -qO- "http://${host}:9001/_cluster/health?local=true" | grep -q -e '"status":"green"' -e '"status":"yellow"'; then + exit 0 + fi + exit 1 + initialDelaySeconds: 20 + periodSeconds: 10 + failureThreshold: 24 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/sonarqube/certs + name: "custom-image-values.yaml-sonarqube-dce" + subPath: certs + readOnly: true + - mountPath: /opt/sonarqube/data + name: "custom-image-values.yaml-sonarqube-dce" + subPath: data + - mountPath: /opt/sonarqube/temp + name: "custom-image-values.yaml-sonarqube-dce" + subPath: temp + - mountPath: /opt/sonarqube/logs + name: "custom-image-values.yaml-sonarqube-dce" + subPath: logs + - mountPath: /tmp + name: tmp-dir + serviceAccountName: default + 
volumes: + + - name: init-sysctl + configMap: + name: custom-image-values.yaml-sonarqube-dce-init-sysctl + items: + - key: init_sysctl.sh + path: init_sysctl.sh + - name: init-fs + configMap: + name: custom-image-values.yaml-sonarqube-dce-init-fs + items: + - key: init_fs.sh + path: init_fs.sh + - name: "custom-image-values.yaml-sonarqube-dce" + - name : tmp-dir + emptyDir: + {} +--- +# Source: sonarqube-dce/templates/tests/sonarqube-test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "custom-image-values.yaml-ui-test" + annotations: + "helm.sh/hook": test-success + labels: + app: sonarqube-dce + chart: sonarqube-dce-10.7.0 + release: custom-image-values.yaml + heritage: Helm +spec: + automountServiceAccountToken: false + containers: + - name: custom-image-values.yaml-ui-test + image: "sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7" + imagePullPolicy: IfNotPresent + command: ['wget'] + args: [ + '--retry-connrefused', + '--waitretry=1', + '--timeout=5', + '-t', + '1200', + '-qO-', + 'custom-image-values.yaml-sonarqube-dce:9000/api/system/status' + ] + resources: + limits: + cpu: 500m + ephemeral-storage: 1000M + memory: 200M + requests: + cpu: 500m + ephemeral-storage: 100M + memory: 200M + restartPolicy: Never diff --git a/tests/unit-compatibility-test/fixtures/sonarqube/custom-image-values.yaml b/tests/unit-compatibility-test/fixtures/sonarqube/custom-image-values.yaml new file mode 100644 index 000000000..5c95fc97c --- /dev/null +++ b/tests/unit-compatibility-test/fixtures/sonarqube/custom-image-values.yaml 
@@ -0,0 +1,600 @@ +--- +# Source: sonarqube/charts/postgresql/templates/secrets.yaml +apiVersion: v1 +kind: Secret +metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + namespace: default +type: Opaque +data: + postgresql-postgres-password: "dG90bw==" + postgresql-password: "c29uYXJQYXNz" +--- +# Source: sonarqube/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: custom-image-values.yaml-sonarqube-monitoring-passcode + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +type: Opaque +data: + SONAR_WEB_SYSTEMPASSCODE: "ZGVmaW5lX2l0" +--- +# Source: sonarqube/templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: custom-image-values.yaml-sonarqube-http-proxies + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +type: Opaque +stringData: + PLUGINS-HTTP-PROXY: "" + PLUGINS-HTTPS-PROXY: "" + PLUGINS-NO-PROXY: "" + PROMETHEUS-EXPORTER-HTTP-PROXY: "" + PROMETHEUS-EXPORTER-HTTPS-PROXY: "" + PROMETHEUS-EXPORTER-NO-PROXY: "" +--- +# Source: sonarqube/templates/config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-config + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + sonar.properties: | +--- +# Source: sonarqube/templates/init-fs.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-init-fs + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + init_fs.sh: |- +--- +# Source: sonarqube/templates/init-sysctl.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-init-sysctl + labels: + app: sonarqube + 
chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + init_sysctl.sh: |- + if [[ "$(sysctl -n vm.max_map_count)" -lt 524288 ]]; then + sysctl -w vm.max_map_count=524288 + fi + if [[ "$(sysctl -n fs.file-max)" -lt 131072 ]]; then + sysctl -w fs.file-max=131072 + fi + if [[ "$(ulimit -n)" != "unlimited" ]]; then + if [[ "$(ulimit -n)" -lt 131072 ]]; then + echo "ulimit -n 131072" + ulimit -n 131072 + fi + fi + if [[ "$(ulimit -u)" != "unlimited" ]]; then + if [[ "$(ulimit -u)" -lt 8192 ]]; then + echo "ulimit -u 8192" + ulimit -u 8192 + fi + fi +--- +# Source: sonarqube/templates/install-plugins.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-install-plugins + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + install_plugins.sh: |- +--- +# Source: sonarqube/templates/jdbc-config.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: custom-image-values.yaml-sonarqube-jdbc-config + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +data: + SONAR_JDBC_USERNAME: "sonarUser" + SONAR_JDBC_URL: "jdbc:postgresql://custom-image-values.yaml-postgresql:5432/sonarDB" +--- +# Source: sonarqube/charts/postgresql/templates/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-postgresql-headless + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + namespace: default +spec: + type: ClusterIP + clusterIP: None 
+ # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml +--- +# Source: sonarqube/charts/postgresql/templates/svc.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + annotations: + namespace: default +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml + role: primary +--- +# Source: sonarqube/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: custom-image-values.yaml-sonarqube + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: http + protocol: TCP + name: http + selector: + app: sonarqube + release: custom-image-values.yaml +--- +# Source: sonarqube/charts/postgresql/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: primary + annotations: + namespace: default +spec: + serviceName: custom-image-values.yaml-postgresql-headless + replicas: 1 + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + 
app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml + role: primary + template: + metadata: + name: custom-image-values.yaml-postgresql + labels: + app.kubernetes.io/name: postgresql + helm.sh/chart: postgresql-10.15.0 + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + role: primary + app.kubernetes.io/component: primary + spec: + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/component: primary + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + automountServiceAccountToken: false + containers: + - name: custom-image-values.yaml-postgresql + image: docker.io/bitnami/postgresql:11.14.0-debian-10-r22 + imagePullPolicy: "IfNotPresent" + resources: + limits: + cpu: 2 + memory: 2Gi + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1001 + seccompProfile: + type: RuntimeDefault + env: + - name: BITNAMI_DEBUG + value: "false" + - name: POSTGRESQL_PORT_NUMBER + value: "5432" + - name: POSTGRESQL_VOLUME_DIR + value: "/bitnami/postgresql" + - name: PGDATA + value: "/bitnami/postgresql/data" + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-postgresql + key: postgresql-postgres-password + - name: POSTGRES_USER + value: "sonarUser" + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-postgresql + key: postgresql-password + - name: POSTGRES_DB + value: "sonarDB" + - name: POSTGRESQL_ENABLE_LDAP + value: "no" + - name: POSTGRESQL_ENABLE_TLS + value: "no" + - name: POSTGRESQL_LOG_HOSTNAME + value: "false" + - name: 
POSTGRESQL_LOG_CONNECTIONS + value: "false" + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: "false" + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: "off" + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: "error" + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: "pgaudit" + ports: + - name: tcp-postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - /bin/sh + - -c + - exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + - | + exec pg_isready -U "sonarUser" -d "dbname=sonarDB" -h 127.0.0.1 -p 5432 + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 6 + volumeMounts: + - name: dshm + mountPath: /dev/shm + - name: data + mountPath: /bitnami/postgresql + subPath: + volumes: + - name: dshm + emptyDir: + medium: Memory + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "20Gi" +--- +# Source: sonarqube/templates/sonarqube-sts.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: custom-image-values.yaml-sonarqube + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm + app.kubernetes.io/name: sonarqube-custom-image-values.yaml-sonarqube + app.kubernetes.io/instance: custom-image-values.yaml + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/part-of: sonarqube + app.kubernetes.io/component: custom-image-values.yaml-sonarqube + app.kubernetes.io/version: "lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef8" +spec: + replicas: 1 + revisionHistoryLimit: 10 + serviceName: custom-image-values.yaml-sonarqube + selector: + matchLabels: + app: sonarqube + release: 
custom-image-values.yaml + template: + metadata: + annotations: + checksum/config: f926a88875d46d6ae21526a7732ddc5e9645641a5326eff54bdce8ed9f3c5439 + checksum/init-sysctl: c712248c355bc9c4df5c9c7fc4b2cf09709bee4a6dfe5735cdfdcd32fdfb1e81 + checksum/plugins: a5e9bc3d0c725d8c6ba3f4238b456a0569e3ddfcd6a55b1c8489f8ad51a1ac86 + checksum/secret: 541204b0d78ed829a0134fc68a1820605b844dde96fecde0face80cc77e89c7c + labels: + app: sonarqube + release: custom-image-values.yaml + spec: + automountServiceAccountToken: false + securityContext: + fsGroup: 0 + initContainers: + - name: "wait-for-db" + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + command: ["/bin/bash", "-c"] + args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/custom-image-values.yaml-postgresql/5432) && exit 0; sleep 2;done; exit 1'] + - name: init-sysctl + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + securityContext: + privileged: true + readOnlyRootFilesystem: true + runAsUser: 0 + command: ["/bin/bash", "-e", "/tmp/scripts/init_sysctl.sh"] + volumeMounts: + - name: init-sysctl + mountPath: /tmp/scripts/ + env: + - name: SONAR_WEB_CONTEXT + value: / + - name: SONAR_WEB_JAVAOPTS + value: "" + - name: SONAR_CE_JAVAOPTS + value: "" + containers: + - name: sonarqube + image: sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 9000 + protocol: TCP + resources: + limits: + cpu: 800m + ephemeral-storage: 512000M + memory: 6144M + requests: + cpu: 400m + ephemeral-storage: 1536M + memory: 2048M + env: + - 
name: SONAR_HELM_CHART_VERSION + value: 10.7.0 + - name: SONAR_JDBC_PASSWORD + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-postgresql + key: postgresql-password + - name: SONAR_WEB_SYSTEMPASSCODE + valueFrom: + secretKeyRef: + name: custom-image-values.yaml-sonarqube-monitoring-passcode + key: SONAR_WEB_SYSTEMPASSCODE + - name: SONAR_WEB_CONTEXT + value: / + - name: SONAR_WEB_JAVAOPTS + value: "" + - name: SONAR_CE_JAVAOPTS + value: "" + envFrom: + - configMapRef: + name: custom-image-values.yaml-sonarqube-jdbc-config + livenessProbe: + exec: + command: + - sh + - -c + - | + wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://localhost:9000/api/system/liveness" + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - sh + - -c + - | + #!/bin/bash + # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING + # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. 
+ if wget --no-proxy -qO- http://localhost:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then + exit 0 + fi + exit 1 + failureThreshold: 6 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 1 + startupProbe: + httpGet: + scheme: HTTP + path: /api/system/status + port: http + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 24 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsGroup: 0 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /opt/sonarqube/data + name: sonarqube + subPath: data + - mountPath: /opt/sonarqube/temp + name: sonarqube + subPath: temp + - mountPath: /opt/sonarqube/logs + name: sonarqube + subPath: logs + - mountPath: /tmp + name: tmp-dir + - mountPath: /opt/sonarqube/extensions + name: sonarqube + subPath: extensions + serviceAccountName: default + volumes: + + - name: init-sysctl + configMap: + name: custom-image-values.yaml-sonarqube-init-sysctl + items: + - key: init_sysctl.sh + path: init_sysctl.sh + - name: sonarqube + emptyDir: + {} + - name : tmp-dir + emptyDir: + {} +--- +# Source: sonarqube/templates/tests/sonarqube-test.yaml +apiVersion: v1 +kind: Pod +metadata: + name: "custom-image-values.yaml-ui-test" + annotations: + "helm.sh/hook": test-success + labels: + app: sonarqube + chart: sonarqube-10.7.0 + release: custom-image-values.yaml + heritage: Helm +spec: + automountServiceAccountToken: false + containers: + - name: custom-image-values.yaml-ui-test + image: "sonarqube:lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7" + imagePullPolicy: IfNotPresent + command: ['wget'] + args: [ + '--retry-connrefused', + '--waitretry=1', + '--timeout=5', + '-t', + '12', + '-qO-', + 'custom-image-values.yaml-sonarqube:9000/api/system/status' + ] + resources: + limits: + cpu: 500m + 
ephemeral-storage: 1000M + memory: 200M + requests: + cpu: 500m + ephemeral-storage: 100M + memory: 200M + restartPolicy: Never diff --git a/tests/unit-compatibility-test/sonarqube-dce/custom-image-values.yaml b/tests/unit-compatibility-test/sonarqube-dce/custom-image-values.yaml new file mode 100644 index 000000000..133b34dc2 --- /dev/null +++ b/tests/unit-compatibility-test/sonarqube-dce/custom-image-values.yaml @@ -0,0 +1,8 @@ +ApplicationNodes: + image: + #Value comming from the user issue + tag: lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 +searchNodes: + image: + #Value comming from the user issue + tag: lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 \ No newline at end of file diff --git a/tests/unit-compatibility-test/sonarqube/custom-image-values.yaml b/tests/unit-compatibility-test/sonarqube/custom-image-values.yaml new file mode 100644 index 000000000..60c8883ee --- /dev/null +++ b/tests/unit-compatibility-test/sonarqube/custom-image-values.yaml @@ -0,0 +1,3 @@ +image: + #Value comming from the user issue + tag: lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef860fd85c0d4e465f676c9f7 \ No newline at end of file
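Review bot: The digest-style input `tag: lts-community@sha256:…` in `sonarqube-dce/custom-image-values.yaml` (and in the `sonarqube/custom-image-values.yaml` hunk after it) still renders to a label value that Kubernetes does not accept. The expected fixture above pins `app.kubernetes.io/version: "lts-community@sha256:3596d14feb065a31ce84cef60cc3ecfb7b47233ef8"`, which is exactly 63 characters but contains `@` and `:`, while label values may hold only alphanumerics, `-`, `_` and `.`. If the compatibility test only diffs rendered output, it will keep passing while the StatefulSet is presumably refused at apply time. Sanitising before truncation would close the gap, e.g. `{{ (tpl .Values.ApplicationNodes.image.tag .) | replace "@" "_" | replace ":" "_" | trunc 63 | trimSuffix "-" | quote }}`, with the same change for `searchNodes` and the sonarqube chart's helper. The truncated digest in the label no longer identifies the image, so a short comment in the values files saying that the full sha256 lives only in the `image:` field would help anyone auditing deployed versions.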