# Source: sonarqube/templates/sonarqube-sts.yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: sonar-sonarqube labels: app: sonarqube chart: sonarqube-10.5.1_2816 release: sonar heritage: Helm app.kubernetes.io/name: sonarqube-sonar-sonarqube app.kubernetes.io/instance: sonar app.kubernetes.io/managed-by: Helm app.kubernetes.io/part-of: sonarqube app.kubernetes.io/component: sonar-sonarqube app.kubernetes.io/version: "10.5.1-community" spec: replicas: 1 revisionHistoryLimit: 10 serviceName: sonar-sonarqube selector: matchLabels: app: sonarqube release: sonar template: metadata: labels: app: sonarqube release: sonar annotations: checksum/init-sysctl: f024654d224568f7d00f522ab1f651e593efb55ee745e9624beec68996a4458d checksum/init-fs: 4c8e59703fd03b0281f452e07eb3f3bdab1150a196f823234e641aaa2afb0253 checksum/plugins: 4e5baae46155e41236fcbdf85ea8b9ba3358994284bc26fb45d44a728d2b5c8e checksum/config: 8dfa24e99816e4a8762c59197f8f41e53f8517b2f62d8839b7464952f77ad240 checksum/secret: 11c9bb7cdad024fc7971937b62d5245054c1091fc798528488974ef4bd5b7255 checksum/prometheus-config: 8b558b466ef4f60ab41a25ee83bb1cd6798a7c51aea6c557c75718f8b0527a61 checksum/prometheus-ce-config: 6af690da3580e26dbbfb7d1eea66284f1f52b2cff5db113b8acad5cdb87f4772 spec: automountServiceAccountToken: false securityContext: fsGroup: 0 initContainers: - name: "wait-for-db" image: sonarqube:10.5.1-community imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsGroup: 0 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault resources: {} command: ["/bin/bash", "-c"] args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/sonar-postgresql/5432) && exit 0; sleep 2;done; exit 1'] - name: init-sysctl image: sonarqube:10.5.1-community imagePullPolicy: IfNotPresent securityContext: privileged: true runAsUser: 0 resources: {} command: ["/bin/bash", "-e", "/tmp/scripts/init_sysctl.sh"] volumeMounts: - name: init-sysctl mountPath: /tmp/scripts/ env: - name: SONAR_WEB_CONTEXT value: / - name: SONAR_WEB_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml - name: SONAR_CE_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml - name: inject-prometheus-exporter image: sonarqube:10.5.1-community imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsGroup: 0 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault resources: {} command: ["/bin/sh","-c"] args: ["curl -s 'https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar' --output /data/jmx_prometheus_javaagent.jar -v"] volumeMounts: - mountPath: /data name: sonarqube subPath: data env: - name: http_proxy value: - name: https_proxy value: - name: no_proxy value: - name: SONAR_WEB_CONTEXT value: / - name: SONAR_WEB_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml - name: SONAR_CE_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml - name: install-plugins image: sonarqube:10.5.1-community imagePullPolicy: IfNotPresent command: ["sh", "-e", "/tmp/scripts/install_plugins.sh"] volumeMounts: - mountPath: /opt/sonarqube/extensions/plugins name: sonarqube subPath: extensions/plugins - name: install-plugins mountPath: /tmp/scripts/ securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsGroup: 0 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault resources: {} env: - name: http_proxy value: - name: https_proxy value: - name: no_proxy value: - name: SONAR_WEB_CONTEXT value: / - name: SONAR_WEB_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml - name: SONAR_CE_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml containers: - name: sonarqube image: sonarqube:10.5.1-community imagePullPolicy: IfNotPresent ports: - name: http containerPort: 9000 protocol: TCP - name: monitoring-web containerPort: 8000 protocol: TCP - name: monitoring-ce containerPort: 8001 protocol: TCP resources: limits: cpu: 800m ephemeral-storage: 512000M memory: 6144M requests: cpu: 400m ephemeral-storage: 1536M memory: 2048M env: - name: SONAR_WEB_CONTEXT value: / - name: SONAR_WEB_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml - name: SONAR_CE_JAVAOPTS value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml - name: SONAR_HELM_CHART_VERSION value: 10.5.1_2816 - name: SONAR_JDBC_PASSWORD valueFrom: secretKeyRef: name: sonar-postgresql key: postgresql-password - name: SONAR_WEB_SYSTEMPASSCODE valueFrom: secretKeyRef: name: sonar-sonarqube-monitoring-passcode key: SONAR_WEB_SYSTEMPASSCODE envFrom: - configMapRef: name: sonar-sonarqube-jdbc-config livenessProbe: exec: command: - sh - -c - | wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://localhost:9000/api/system/liveness" initialDelaySeconds: 60 periodSeconds: 30 failureThreshold: 6 timeoutSeconds: 1 readinessProbe: exec: command: - sh - -c - | #!/bin/bash # A Sonarqube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING # status about migration are added to prevent the node to be kill while sonarqube is upgrading the database. if wget --no-proxy -qO- http://localhost:9000/api/system/status | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then exit 0 fi exit 1 initialDelaySeconds: 60 periodSeconds: 30 failureThreshold: 6 timeoutSeconds: 1 startupProbe: httpGet: scheme: HTTP path: /api/system/status port: http initialDelaySeconds: 30 periodSeconds: 10 failureThreshold: 24 timeoutSeconds: 1 securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsGroup: 0 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault volumeMounts: - mountPath: /opt/sonarqube/data name: sonarqube subPath: data - mountPath: /opt/sonarqube/extensions/plugins name: sonarqube subPath: extensions/plugins - mountPath: /opt/sonarqube/temp name: sonarqube subPath: temp - mountPath: /opt/sonarqube/logs name: sonarqube subPath: logs - mountPath: /tmp name: tmp-dir - mountPath: /opt/sonarqube/conf/prometheus-config.yaml subPath: prometheus-config.yaml name: prometheus-config - mountPath: /opt/sonarqube/conf/prometheus-ce-config.yaml subPath: prometheus-ce-config.yaml name: prometheus-ce-config serviceAccountName: default volumes: - name: init-sysctl configMap: name: sonar-sonarqube-init-sysctl items: - key: init_sysctl.sh path: init_sysctl.sh - name: init-fs configMap: name: sonar-sonarqube-init-fs items: - key: init_fs.sh path: init_fs.sh - name: install-plugins configMap: name: sonar-sonarqube-install-plugins items: - key: install_plugins.sh path: install_plugins.sh - name: prometheus-config configMap: name: sonar-sonarqube-prometheus-config items: - key: prometheus-config.yaml path: prometheus-config.yaml - name: prometheus-ce-config configMap: name: sonar-sonarqube-prometheus-ce-config items: - key: prometheus-ce-config.yaml path: prometheus-ce-config.yaml - name: sonarqube emptyDir: {} - name : tmp-dir emptyDir: {}