# Source: sonarqube/templates/sonarqube-sts.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: sonar-sonarqube labels: app: sonarqube chart: sonarqube-10.2.1_800 release: sonar heritage: Helm app.kubernetes.io/name: sonarqube-sonar-sonarqube app.kubernetes.io/instance: sonar app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: sonarqube app.kubernetes.io/component: sonar-sonarqube app.kubernetes.io/version: "10.2.1-community" spec: replicas: 1 serviceName: sonar-sonarqube selector: matchLabels: app: sonarqube release: sonar template: metadata: labels: app: sonarqube release: sonar annotations: checksum/init-sysctl: cee36a3c219877f5e5283c33ac42dd45ab515536473d11327c3fb16451fcf389 checksum/init-fs: e91ea63db7f365c895f20cd1aa88f5ddbfcc2673527e33ba18b7f0dcb21d8699 checksum/plugins: 81e69508572a0af41c9f523d7e3fa65c76d7808be29b9313b6d627230c64837f checksum/config: 62f22fcd909503d99971789b55a68daa5265a47a2d16a30943a6b01c8510978f checksum/secret: 6bc1c9a02ff03ca932d573bccf2803e0b3a46df7466f4cdff80a3716fab6c5f2 checksum/prometheus-config: f7ab66f106b162963a4b644166c9755dd34eca76f8bbe57e4d11ce61e7e055af checksum/prometheus-ce-config: 767e03641f6a1999c70f373b40fc2a348a36697cfc75a97d245021e68d30606a spec: securityContext: fsGroup: 1000 initContainers: - name: "wait-for-db" image: busybox:1.32 imagePullPolicy: IfNotPresent resources: {} command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 sonar-postgresql 5432 && exit 0 || sleep 2; done; exit 1"] - name: init-sysctl image: busybox:1.32 imagePullPolicy: IfNotPresent securityContext: privileged: true resources: {} command: ["sh", "-e", "/tmp/scripts/init_sysctl.sh"] volumeMounts: - name: init-sysctl mountPath: /tmp/scripts/ - name: inject-prometheus-exporter image: curlimages/curl:8.2.0 imagePullPolicy: IfNotPresent securityContext: runAsGroup: 1000 runAsUser: 1000 resources: {} command: ["/bin/sh","-c"] args: ["curl -s 'https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar' --output /data/jmx_prometheus_javaagent.jar -v"] volumeMounts: - mountPath: /data name: sonarqube subPath: data env: - name: http_proxy value: - name: https_proxy value: - name: no_proxy value: - name: install-plugins image: curlimages/curl:8.2.0 imagePullPolicy: IfNotPresent command: ["sh", "-e", "/tmp/scripts/install_plugins.sh"] volumeMounts: - mountPath: /opt/sonarqube/extensions/plugins name: sonarqube subPath: extensions/plugins - name: install-plugins mountPath: /tmp/scripts/ securityContext: runAsGroup: 1000 runAsUser: 1000 resources: {} env: - name: http_proxy value: - name: https_proxy value: - name: no_proxy value: containers: - name: sonarqube image: "sonarqube:10.2.1-community" imagePullPolicy: IfNotPresent ports: - name: http containerPort: 9000 protocol: TCP - name: monitoring-web containerPort: 8000 protocol: TCP - name: monitoring-ce containerPort: 8001 protocol: TCP resources: limits: cpu: 800m memory: 4Gi requests: cpu: 400m memory: 2Gi env: - name: SONAR_HELM_CHART_VERSION value: 10.2.1_800 - name: SONAR_WEB_JAVAOPTS value: "-javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml" - name: SONAR_WEB_CONTEXT value: / - name: SONAR_CE_JAVAOPTS value: "-javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml" - name: SONAR_JDBC_PASSWORD valueFrom: secretKeyRef: name: sonar-postgresql key: postgresql-password - name: SONAR_WEB_SYSTEMPASSCODE valueFrom: secretKeyRef: name: sonar-sonarqube-monitoring-passcode key: SONAR_WEB_SYSTEMPASSCODE envFrom: - configMapRef: name: sonar-sonarqube-jdbc-config livenessProbe: exec: command: - sh - -c - | host="$(hostname -i || echo '127.0.0.1')" wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://${host}:9000/api/system/liveness" initialDelaySeconds: 60 periodSeconds: 30 failureThreshold: 6 timeoutSeconds: 1 readinessProbe: exec: command: - sh - -c - | #!/bin/bash # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. host="$(hostname -i || echo '127.0.0.1')" if wget --no-proxy -qO- http://${host}:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then exit 0 fi exit 1 initialDelaySeconds: 60 periodSeconds: 30 failureThreshold: 6 timeoutSeconds: 1 startupProbe: httpGet: scheme: HTTP path: /api/system/status port: http initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 24 timeoutSeconds: 1 securityContext: runAsUser: 1000 volumeMounts: - mountPath: /opt/sonarqube/data name: sonarqube subPath: data - mountPath: /opt/sonarqube/extensions/plugins name: sonarqube subPath: extensions/plugins - mountPath: /opt/sonarqube/temp name: sonarqube subPath: temp - mountPath: /opt/sonarqube/logs name: sonarqube subPath: logs - mountPath: /tmp name: tmp-dir - mountPath: /opt/sonarqube/conf/prometheus-config.yaml subPath: prometheus-config.yaml name: prometheus-config - mountPath: /opt/sonarqube/conf/prometheus-ce-config.yaml subPath: prometheus-ce-config.yaml name: prometheus-ce-config serviceAccountName: default volumes: - name: init-sysctl configMap: name: sonar-sonarqube-init-sysctl items: - key: init_sysctl.sh path: init_sysctl.sh - name: init-fs configMap: name: sonar-sonarqube-init-fs items: - key: init_fs.sh path: init_fs.sh - name: install-plugins configMap: name: sonar-sonarqube-install-plugins items: - key: install_plugins.sh path: install_plugins.sh - name: prometheus-config configMap: name: sonar-sonarqube-prometheus-config items: - key: prometheus-config.yaml path: prometheus-config.yaml - name: prometheus-ce-config configMap: name: sonar-sonarqube-prometheus-ce-config items: - key: prometheus-ce-config.yaml path: prometheus-ce-config.yaml - name: sonarqube emptyDir: {} - name : tmp-dir emptyDir: {}