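# SonarQube Deployment, rendered from Terraform variables and applied through
# the kubectl provider.
#
# Pod layout (as written in the manifest below):
#   - init-sysctl (init, privileged, UID 0): runs init_sysctl.sh from the
#     "scripts" ConfigMap volume.
#   - wait-for-db (init): polls TCP 5432 on the "<instance>-<component>-pg-rw"
#     host, up to 200 attempts 2 s apart, and fails the pod start otherwise.
#   - configure (init): runs install_plugins.sh with the PVC's data and
#     extensions/plugins sub-paths mounted.
#   - sonarqube (main): listens on 9000 (http), 8000 and 8001 (monitoring).
#
# Templated string scalars are quoted so that an empty, numeric-looking or
# boolean-looking variable value cannot be re-typed by the YAML parser.
# jsonencode() values stay bare because they must parse as mappings.
#
# Security review notes:
#   - init-sysctl is privileged root and executes a script taken from a
#     ConfigMap, so write access to that ConfigMap amounts to privileged code
#     execution on the node that hosts the pod. Keep RBAC on it tight. If the
#     script only sets kernel parameters (its content is not visible here),
#     setting them at node provisioning would remove the need for this
#     container.
#   - The pod uses the "default" ServiceAccount and does not set
#     automountServiceAccountToken. Unless the ServiceAccount disables it, the
#     API token is mounted into every container, including the privileged one.
#     Nothing in this manifest calls the Kubernetes API; consider
#     `automountServiceAccountToken: false` after confirming the scripts and
#     plugins do not need it.
#   - fsGroup and runAsGroup are 0 (the root group), which gives the non-root
#     UID 1000 access to any group-root-writable path in the image and volumes.
#   - Images are referenced by tag. Pin by digest if the registry does not
#     guarantee immutable tags.
#   - readOnlyRootFilesystem is not set on any container. /tmp is already an
#     emptyDir, so it may be achievable for the main container; verify first.
#   - The liveness probe expands SONAR_WEB_SYSTEMPASSCODE into wget's argument
#     list, so the passcode is visible in the container's process list while
#     the probe runs.
resource "kubectl_manifest" "Deployment_sonar-sonarqube" {
  yaml_body = <<-EOF
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: "${var.instance}-${var.component}"
      labels: ${jsonencode(local.sonar_all_labels)}
      namespace: "${var.namespace}"
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels: ${jsonencode(local.sonar_labels)}
      template:
        metadata:
          labels: ${jsonencode(local.sonar_labels)}
        spec:
          securityContext:
            fsGroup: 0
          initContainers:
            # Privileged root container: the only one in the pod without a
            # restricted securityContext. It runs a ConfigMap-supplied script.
            - name: init-sysctl
              image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
              imagePullPolicy: "${var.images.sonar.pull_policy}"
              securityContext:
                privileged: true
                runAsUser: 0
              command: ["/bin/bash", "-e", "/tmp/scripts/init_sysctl.sh"]
              volumeMounts:
                - name: scripts
                  mountPath: /tmp/scripts/
            - name: wait-for-db
              image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
              imagePullPolicy: "${var.images.sonar.pull_policy}"
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
              command: ["/bin/bash", "-c"]
              args: ["set -o pipefail;for i in {1..200};do (echo > /dev/tcp/${var.instance}-${var.component}-pg-rw/5432) && exit 0; sleep 2;done; exit 1"]
            - name: configure
              image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
              imagePullPolicy: "${var.images.sonar.pull_policy}"
              command: ["/bin/bash", "-e", "/tmp/scripts/install_plugins.sh"]
              volumeMounts:
                - mountPath: /data
                  name: sonarqube
                  subPath: data
                - mountPath: /opt/sonarqube/extensions/plugins
                  name: sonarqube
                  subPath: extensions/plugins
                - name: scripts
                  mountPath: /tmp/scripts/
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
              envFrom:
                - configMapRef:
                    name: "${kubectl_manifest.cm_env.name}"
              env:
                - name: http_proxy
                  value: null
                - name: https_proxy
                  value: null
                - name: no_proxy
                  value: null
          containers:
            - name: sonarqube
              image: "${var.images.sonar.registry}/${var.images.sonar.repository}:${var.images.sonar.tag}"
              imagePullPolicy: "${var.images.sonar.pull_policy}"
              ports:
                - name: http
                  containerPort: 9000
                  protocol: TCP
                - name: monitoring-web
                  containerPort: 8000
                  protocol: TCP
                - name: monitoring-ce
                  containerPort: 8001
                  protocol: TCP
              resources:
                limits: ${jsonencode(var.resources.limits)}
                requests: ${jsonencode(var.resources.requests)}
              env:
                - name: SONAR_JDBC_PASSWORD
                  valueFrom:
                    secretKeyRef:
                      name: "${var.instance}-${var.component}-pg-app"
                      key: password
              envFrom:
                - secretRef:
                    name: "${kubectl_manifest.secret.name}"
                - configMapRef:
                    name: "${kubectl_manifest.cm_env.name}"
              livenessProbe:
                exec:
                  command:
                    - sh
                    - -c
                    - |
                      wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://localhost:9000/api/system/liveness"
                initialDelaySeconds: 60
                periodSeconds: 30
                failureThreshold: 6
                timeoutSeconds: 1
              readinessProbe:
                exec:
                  command:
                    - sh
                    - -c
                    - |
                      #!/bin/bash
                      if wget --no-proxy -qO- http://localhost:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
                        exit 0
                      fi
                      exit 1
                initialDelaySeconds: 60
                periodSeconds: 30
                failureThreshold: 6
                timeoutSeconds: 1
              startupProbe:
                httpGet:
                  scheme: HTTP
                  path: /api/system/status
                  port: http
                initialDelaySeconds: 30
                periodSeconds: 10
                failureThreshold: 24
                timeoutSeconds: 1
              securityContext:
                allowPrivilegeEscalation: false
                capabilities:
                  drop: ["ALL"]
                runAsGroup: 0
                runAsNonRoot: true
                runAsUser: 1000
                seccompProfile:
                  type: RuntimeDefault
              volumeMounts:
                - mountPath: /opt/sonarqube/data
                  name: sonarqube
                  subPath: data
                - mountPath: /opt/sonarqube/extensions
                  name: sonarqube
                  subPath: extensions
                - mountPath: /opt/sonarqube/temp
                  name: sonarqube
                  subPath: temp
                - mountPath: /opt/sonarqube/logs
                  name: sonarqube
                  subPath: logs
                - mountPath: /tmp
                  name: tmp-dir
                - mountPath: /opt/sonarqube/conf/sonar.properties
                  subPath: sonar.properties
                  name: files
                - mountPath: /opt/sonarqube/conf/prometheus-config.yaml
                  subPath: prometheus-config.yaml
                  name: files
                - mountPath: /opt/sonarqube/conf/prometheus-ce-config.yaml
                  subPath: prometheus-ce-config.yaml
                  name: files
          # NOTE(review): default ServiceAccount, token automount not disabled.
          serviceAccountName: default
          volumes:
            - name: scripts
              configMap:
                name: "${kubectl_manifest.cm_scripts.name}"
                # Integer field written as octal; do not quote it.
                defaultMode: 0755
                items:
                  - key: init_sysctl.sh
                    path: init_sysctl.sh
                  - key: install_plugins.sh
                    path: install_plugins.sh
            - name: files
              configMap:
                name: "${kubectl_manifest.cm_files.name}"
                defaultMode: 0644
                # NOTE(review): the sonarqube container mounts subPath
                # sonar.properties from this volume, but that key is not
                # projected here. Confirm whether an item is missing.
                items:
                  - key: prometheus-config.yaml
                    path: prometheus-config.yaml
                  - key: prometheus-ce-config.yaml
                    path: prometheus-ce-config.yaml
            - name: sonarqube
              persistentVolumeClaim:
                claimName: "${kubectl_manifest.pvc.name}"
            - name: tmp-dir
              emptyDir: {}
  EOF
}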