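# Source: sonarqube/templates/sonarqube-sts.yaml
# Rendered Helm output: StatefulSet running a single SonarQube replica with
# four init containers (DB wait, sysctl setup, JMX exporter download, plugin
# install). NOTE(review): edits made to rendered output are lost on the next
# render/upgrade; carry them back into the chart values or templates.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: sonar-sonarqube
  labels:
    app: sonarqube
    chart: sonarqube-10.4.0_2288
    release: sonar
    heritage: Helm
    app.kubernetes.io/name: sonarqube-sonar-sonarqube
    app.kubernetes.io/instance: sonar
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/part-of: sonarqube
    app.kubernetes.io/component: sonar-sonarqube
    app.kubernetes.io/version: "10.4.0-community"
spec:
  replicas: 1
  revisionHistoryLimit: 10
  serviceName: sonar-sonarqube
  selector:
    matchLabels:
      app: sonarqube
      release: sonar
  template:
    metadata:
      labels:
        app: sonarqube
        release: sonar
      annotations:
        # Content hashes of the referenced ConfigMaps/Secret; a change here
        # alters the pod template and so triggers a rollout. Quoted because
        # annotation values must be strings and a hex digest can look numeric.
        checksum/init-sysctl: "a12e75ed1a8c3b06d9caf75f108948bde1e6cf6210bb3035994c8d4fdb9e1f39"
        checksum/init-fs: "36564fb78d2715ef7f589fd3df9b29b970835c4f265186a47fbb0f1f8ce35c7e"
        checksum/plugins: "db3ffc7959ef0fc65edbd6803efe5cfa5bed57043487c5d29af43708459ce9fd"
        checksum/config: "ead0105b73e0ab65eebc0f041f2c07af74aab9f4e121ada0b788b5e287bc1132"
        checksum/secret: "14fc9b43c5d5c61345694c7c8a2cab4fdee67d198dfec45498f58eb7a30b283d"
        checksum/prometheus-config: "79e17e350acb6b7a07c0204a52a6fe22bcb4c38b9f8339d15757f040698774dc"
        checksum/prometheus-ce-config: "ef57c8341973db7eb712730278966b61b4aa23721f65f5e0e51a9012a6a7b28b"
    spec:
      securityContext:
        # Volumes are group-owned by GID 0 and every container below also runs
        # with runAsGroup 0. NOTE(review): presumably required by the image's
        # file permissions; confirm before changing.
        fsGroup: 0
      initContainers:
        # Blocks startup until sonar-postgresql:5432 accepts a TCP connection
        # (up to 200 attempts, 2 s apart), using bash's /dev/tcp.
        - name: "wait-for-db"
          # NOTE(review): every container uses a mutable tag; pinning by digest
          # (image@sha256:...) would make the deployed bits reproducible.
          image: sonarqube:10.4.0-community
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsGroup: 0
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
          resources: {}
          command: ["/bin/bash", "-c"]
          args:
            - 'set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-postgresql/5432) && exit 0; sleep 2;done; exit 1'
        # NOTE(review): the only container here that is privileged and runs as
        # UID 0, which gives its script full access to the node kernel. The
        # script body lives in ConfigMap sonar-sonarqube-init-sysctl and is not
        # shown; presumably it raises kernel limits for the embedded search
        # engine (confirm). Anyone able to edit that ConfigMap gains privileged
        # execution on the node, so restrict write access to it. Prefer setting
        # the sysctls on the node and disabling this init container (upstream
        # chart value initSysctl.enabled; confirm for this chart version) so
        # the pod fits a restricted Pod Security profile.
        - name: init-sysctl
          image: sonarqube:10.4.0-community
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
            runAsUser: 0
          resources: {}
          command: ["/bin/bash", "-e", "/tmp/scripts/init_sysctl.sh"]
          volumeMounts:
            - name: init-sysctl
              mountPath: /tmp/scripts/
        # Downloads the JMX Prometheus java agent into the shared data volume.
        # The jar is later loaded via -javaagent into both the web and CE JVMs
        # (see SONAR_WEB_JAVAOPTS / SONAR_CE_JAVAOPTS below).
        - name: inject-prometheus-exporter
          image: sonarqube:10.4.0-community
          imagePullPolicy: IfNotPresent
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsGroup: 0
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
          resources: {}
          command: ["/bin/sh", "-c"]
          # --fail aborts the init container on an HTTP error instead of
          # saving the error body as the jar and exiting 0.
          # NOTE(review): the download is still not integrity-checked and is
          # repeated on every pod start (the target volume is an emptyDir), so
          # the pod needs internet egress and trusts the remote artifact each
          # time. Mirror the jar internally or verify a pinned digest, e.g.
          # append: && echo '<EXPECTED_SHA256>  /data/jmx_prometheus_javaagent.jar' | sha256sum -c -
          # (<EXPECTED_SHA256> is a placeholder; take it from the upstream release).
          args:
            - >-
              curl --fail -s
              'https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar'
              --output /data/jmx_prometheus_javaagent.jar -v
          volumeMounts:
            - mountPath: /data
              name: sonarqube
              subPath: data
          env:
            # Explicit empty strings instead of bare `value:` (YAML null).
            - name: http_proxy
              value: ""
            - name: https_proxy
              value: ""
            - name: no_proxy
              value: ""
        # Runs install_plugins.sh from ConfigMap sonar-sonarqube-install-plugins
        # against the plugins directory of the shared volume. The script body
        # is not shown here; NOTE(review): if it fetches plugins from the
        # network, the same integrity concern as the exporter download applies.
        - name: install-plugins
          image: sonarqube:10.4.0-community
          imagePullPolicy: IfNotPresent
          command: ["sh", "-e", "/tmp/scripts/install_plugins.sh"]
          volumeMounts:
            - mountPath: /opt/sonarqube/extensions/plugins
              name: sonarqube
              subPath: extensions/plugins
            - name: install-plugins
              mountPath: /tmp/scripts/
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsGroup: 0
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
          resources: {}
          env:
            - name: http_proxy
              value: ""
            - name: https_proxy
              value: ""
            - name: no_proxy
              value: ""
      containers:
        - name: sonarqube
          image: sonarqube:10.4.0-community
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 9000
              protocol: TCP
            # JMX exporter endpoints for the web and compute-engine JVMs.
            # NOTE(review): no authentication is configured for these ports in
            # this manifest; limit who can reach them with a NetworkPolicy.
            - name: monitoring-web
              containerPort: 8000
              protocol: TCP
            - name: monitoring-ce
              containerPort: 8001
              protocol: TCP
          resources:
            limits:
              cpu: 800m
              memory: 4Gi
            requests:
              cpu: 400m
              memory: 2Gi
          env:
            - name: SONAR_HELM_CHART_VERSION
              value: "10.4.0_2288"
            - name: SONAR_WEB_JAVAOPTS
              value: "-javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml"
            - name: SONAR_WEB_CONTEXT
              value: /
            - name: SONAR_CE_JAVAOPTS
              value: "-javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml"
            # Credentials come from Secrets rather than literals in the manifest.
            - name: SONAR_JDBC_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: sonar-postgresql
                  key: postgresql-password
            - name: SONAR_WEB_SYSTEMPASSCODE
              valueFrom:
                secretKeyRef:
                  name: sonar-sonarqube-monitoring-passcode
                  key: SONAR_WEB_SYSTEMPASSCODE
          envFrom:
            - configMapRef:
                name: sonar-sonarqube-jdbc-config
          # Liveness: authenticated call to /api/system/liveness on the pod IP.
          # The shell expands the passcode into wget's argument list, so it is
          # visible in the container's process table while the probe runs.
          livenessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  host="$(hostname -i || echo '127.0.0.1')"
                  wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:9000/api/system/liveness"
            initialDelaySeconds: 60
            periodSeconds: 30
            failureThreshold: 6
            timeoutSeconds: 1
          # Readiness: unauthenticated /api/system/status; the migration states
          # count as ready so the pod is not pulled during a DB upgrade.
          readinessProbe:
            exec:
              command:
                - sh
                - -c
                - |
                  #!/bin/bash
                  # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
                  # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database.
                  host="$(hostname -i || echo '127.0.0.1')"
                  if wget --no-proxy -qO- http://${host}:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
                    exit 0
                  fi
                  exit 1
            initialDelaySeconds: 60
            periodSeconds: 30
            failureThreshold: 6
            timeoutSeconds: 1
          startupProbe:
            httpGet:
              scheme: HTTP
              path: /api/system/status
              port: http
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 24
            timeoutSeconds: 1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsGroup: 0
            runAsNonRoot: true
            runAsUser: 1000
            seccompProfile:
              type: RuntimeDefault
            # NOTE(review): readOnlyRootFilesystem is not set; data, plugins,
            # temp, logs and /tmp are already separate mounts, so it may be
            # feasible to enable. Test before adopting.
          volumeMounts:
            - mountPath: /opt/sonarqube/data
              name: sonarqube
              subPath: data
            - mountPath: /opt/sonarqube/extensions/plugins
              name: sonarqube
              subPath: extensions/plugins
            - mountPath: /opt/sonarqube/temp
              name: sonarqube
              subPath: temp
            - mountPath: /opt/sonarqube/logs
              name: sonarqube
              subPath: logs
            - mountPath: /tmp
              name: tmp-dir
            - mountPath: /opt/sonarqube/conf/prometheus-config.yaml
              subPath: prometheus-config.yaml
              name: prometheus-config
            - mountPath: /opt/sonarqube/conf/prometheus-ce-config.yaml
              subPath: prometheus-ce-config.yaml
              name: prometheus-ce-config
      # NOTE(review): the pod runs as the namespace's shared `default`
      # ServiceAccount and automountServiceAccountToken is not disabled, so its
      # API token is mounted into every container. Nothing visible here uses
      # the Kubernetes API; consider a dedicated ServiceAccount with
      # automountServiceAccountToken: false after confirming that.
      serviceAccountName: default
      volumes:
        - name: init-sysctl
          configMap:
            name: sonar-sonarqube-init-sysctl
            items:
              - key: init_sysctl.sh
                path: init_sysctl.sh
        # Declared but not mounted by any container in this pod spec.
        - name: init-fs
          configMap:
            name: sonar-sonarqube-init-fs
            items:
              - key: init_fs.sh
                path: init_fs.sh
        - name: install-plugins
          configMap:
            name: sonar-sonarqube-install-plugins
            items:
              - key: install_plugins.sh
                path: install_plugins.sh
        - name: prometheus-config
          configMap:
            name: sonar-sonarqube-prometheus-config
            items:
              - key: prometheus-config.yaml
                path: prometheus-config.yaml
        - name: prometheus-ce-config
          configMap:
            name: sonar-sonarqube-prometheus-ce-config
            items:
              - key: prometheus-ce-config.yaml
                path: prometheus-ce-config.yaml
        # emptyDir: data, plugins, temp and logs do not survive pod deletion.
        - name: sonarqube
          emptyDir: {}
        - name: tmp-dir
          emptyDir: {}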