SONAR-18974 address helm $ vs . context usage misuse

charts/sonarqube-dce/CHANGELOG.md

@@ -8,6 +8,7 @@ All changes to this chart will be documented in this file.
 * Update the Chart's icon with the SonarQube Server logo
 * Fix ENV variables not fetched when using extraConfig.configmaps
 * Deprecate `ApplicationNodes` in favor of `applicationNodes`, fixing naming convention typo
+* Replace helm top level '$' by '.' when not necessary
 
 ## [10.7.0]
 * Update Chart's version to 10.7.0

charts/sonarqube-dce/Chart.yaml

@@ -39,6 +39,8 @@ annotations:
       description: "Fix ENV variables not fetched when using extraConfig.configmaps"
     - kind: changed
       description: "Deprecate `ApplicationNodes` in favor of `applicationNodes`, fixing naming convention typo"
+    - kind: changed
+      description: "Replace helm top level '$' by '.' when not necessary"
   artifacthub.io/links: |
     - name: support
       url: https://community.sonarsource.com/

charts/sonarqube-dce/templates/change-admin-password-hook.yml

@@ -53,7 +53,7 @@ spec:
     {{- end }}
       containers:
       - name: {{ template "sonarqube.fullname" . }}-change-default-admin-password
-        image: {{ default (include "sonarqube.image" $) .Values.curlContainerImage }}
+        image: {{ default (include "sonarqube.image" .) .Values.curlContainerImage }}
         {{- with (default (fromYaml (include "sonarqube.initContainersSecurityContext" .)) .Values.account.securityContext) }}
         securityContext: {{- toYaml . | nindent 12 }}
         {{- end }}

charts/sonarqube-dce/templates/sonarqube-application.yaml

@@ -70,7 +70,7 @@ spec:
       {{- end }}
       {{- if .Values.postgresql.enabled }}
         - name: "wait-for-db"
-          image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.initContainers.image }}
           imagePullPolicy: {{ .Values.ApplicationNodes.image.pullPolicy  }}
           {{- with (include "sonarqube.initContainersSecurityContext" .) }}
           securityContext: {{- . | nindent 12 }}
@@ -82,7 +82,7 @@ spec:
       {{- end }}
       {{- if .Values.caCerts.enabled }}
         - name: ca-certs
-          image: {{ default (include "sonarqube.image" $) .Values.caCerts.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.caCerts.image }}
           imagePullPolicy: {{ .Values.ApplicationNodes.image.pullPolicy  }}
           command: ["sh"]
           args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
@@ -104,7 +104,7 @@ spec:
       {{- end }}
       {{- if or .Values.ApplicationNodes.sonarProperties .Values.ApplicationNodes.sonarSecretProperties .Values.sonarSecretKey }}
         - name: concat-properties
-          image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.initContainers.image }}
           imagePullPolicy: {{ .Values.ApplicationNodes.image.pullPolicy  }}
           command: 
           - sh
@@ -145,15 +145,15 @@ spec:
       {{- end }}
       {{- if .Values.ApplicationNodes.prometheusExporter.enabled }}
         - name: inject-prometheus-exporter
-          image: {{ default (include "sonarqube.image" $) .Values.ApplicationNodes.prometheusExporter.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.ApplicationNodes.prometheusExporter.image }}
           imagePullPolicy: {{ .Values.ApplicationNodes.image.pullPolicy  }}
           {{- with (default (fromYaml (include "sonarqube.initContainersSecurityContext" .)) .Values.ApplicationNodes.prometheusExporter.securityContext) }}
           securityContext: {{- toYaml . | nindent 12 }}
           {{- end }}
           resources:
 {{ toYaml (default .Values.initContainers.resources .Values.ApplicationNodes.prometheusExporter.resources) | indent 12 }}
           command: ["/bin/sh","-c"]
-          args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if $.Values.ApplicationNodes.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"]
+          args: ["curl -s '{{ template "prometheusExporter.downloadURL" . }}' {{ if .Values.ApplicationNodes.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"]
           volumeMounts:
             - mountPath: /data
               name: sonarqube
@@ -168,7 +168,7 @@ spec:
       {{- end }}
       {{- if .Values.ApplicationNodes.plugins.install }}
         - name: install-plugins
-          image: {{ default (include "sonarqube.image" $) .Values.ApplicationNodes.plugins.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.ApplicationNodes.plugins.image }}
           imagePullPolicy: {{ .Values.ApplicationNodes.image.pullPolicy  }}
           command: ["sh",
             "-e",
@@ -198,7 +198,7 @@ spec:
       {{- end }}
       {{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.url }}
         - name: install-oracle-jdbc-driver
-          image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.initContainers.image }}
           imagePullPolicy: {{ .Values.ApplicationNodes.image.pullPolicy  }}
           command: ["sh", "-e", "/tmp/scripts/install_oracle_jdbc_driver.sh"]
           {{- with (default (fromYaml (include "sonarqube.initContainersSecurityContext" .)) .Values.initContainers.securityContext) }}

charts/sonarqube-dce/templates/sonarqube-search.yaml

@@ -94,7 +94,7 @@ spec:
       {{- end }}
       {{- if and .Values.initSysctl.enabled (not .Values.OpenShift.enabled) }}
         - name: init-sysctl
-          image: {{ default (include "sonarqube.image" $) .Values.initSysctl.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.initSysctl.image }}
           imagePullPolicy: {{ .Values.searchNodes.image.pullPolicy  }}
           {{- with (default (fromYaml (include "sonarqube.initContainersSecurityContext" .)) (.Values.initSysctl.securityContext )) }}
           securityContext: {{- toYaml . | nindent 12 }}
@@ -114,7 +114,7 @@ spec:
       {{- end }}
       {{- if .Values.caCerts.enabled }}
         - name: ca-certs
-          image: {{ default (include "sonarqube.image" $) .Values.caCerts.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.caCerts.image }}
           imagePullPolicy: {{ .Values.searchNodes.image.pullPolicy  }}
           command: ["sh"]
           args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
@@ -136,7 +136,7 @@ spec:
       {{- end }}
       {{- if or .Values.searchNodes.sonarProperties .Values.searchNodes.sonarSecretProperties .Values.sonarSecretKey }}
         - name: concat-properties
-          image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.initContainers.image }}
           imagePullPolicy: {{ .Values.searchNodes.image.pullPolicy  }}
           command: 
           - sh
@@ -177,7 +177,7 @@ spec:
       {{- end }}
       {{- if and .Values.searchNodes.persistence.enabled .Values.initFs.enabled (not .Values.OpenShift.enabled) }}
         - name: init-fs
-          image: {{ default (include "sonarqube.image" $) .Values.initFs.image }}
+          image: {{ default (include "sonarqube.image" .) .Values.initFs.image }}
           imagePullPolicy: {{ .Values.searchNodes.image.pullPolicy  }}
           {{- with (default (fromYaml (include "sonarqube.initContainersSecurityContext" .)) .Values.initFs.securityContext) }}
           securityContext: {{- toYaml . | nindent 12 }}

tests/unit-compatibility-test/fixtures/sonarqube-dce/install-plugins-values.yaml

@@ -185,7 +185,7 @@ data:
   install_plugins.sh: |-
       rm -f /opt/sonarqube/extensions/plugins/*
       cd /opt/sonarqube/extensions/plugins
-      curl   -fsSLO "https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar"
+      curl --insecure  -fsSLO "https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar"
 ---
 # Source: sonarqube-dce/templates/jdbc-config.yaml
 apiVersion: v1
@@ -387,7 +387,7 @@ spec:
         release: install-plugins-values.yaml
         sonarqube.datacenter/type: "app"
       annotations:
-        checksum/plugins: 8f78e33306936db37ff419731984a50fd85dd6fed7eb213c1f2b1d35f22306e7
+        checksum/plugins: 237c1ab6cadafcf1e56a935d3ef7bef5ab487883ce3af5321475b6c2cf821caf
         checksum/config: 1827a191bdf5ac5e84e2d6dd85d5f9adc37e1ef5ca5ea6fd4de06ab32298ccec
         checksum/secret: b1711a602d215f6282077df23d2a2857c8e77824667cb0eaff6c29476c0f12a4
     spec:

tests/unit-compatibility-test/fixtures/sonarqube-dce/prometheus-monitoring-values.yaml

@@ -198,6 +198,36 @@ data:
   SONAR_JDBC_USERNAME: "sonarUser"
   SONAR_JDBC_URL: "jdbc:postgresql://prometheus-monitoring-values.yaml-postgresql:5432/sonarDB"
 ---
+# Source: sonarqube-dce/templates/prometheus-ce-config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prometheus-monitoring-values.yaml-sonarqube-dce-prometheus-ce-config
+  labels:
+    app: sonarqube-dce
+    chart: sonarqube-dce-10.8.0
+    release: prometheus-monitoring-values.yaml
+    heritage: Helm
+data:
+  prometheus-ce-config.yaml: |-
+        rules:
+        - pattern: .*
+---
+# Source: sonarqube-dce/templates/prometheus-config.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: prometheus-monitoring-values.yaml-sonarqube-dce-prometheus-config
+  labels:
+    app: sonarqube-dce
+    chart: sonarqube-dce-10.8.0
+    release: prometheus-monitoring-values.yaml
+    heritage: Helm
+data:
+  prometheus-config.yaml: |-
+        rules:
+        - pattern: .*
+---
 # Source: sonarqube-dce/charts/postgresql/templates/svc-headless.yaml
 apiVersion: v1
 kind: Service
@@ -387,6 +417,8 @@ spec:
         checksum/plugins: 3e7bab118270ba41a01162ad9b922a6e0999836f91b4639d2c732d65fe9d28e8
         checksum/config: 13bf9f27ef611af2bcac99f6769fe5f8a9913788bcfaf012e15914d7616e4f88
         checksum/secret: 86515267e5967d1c719b0304f4477b3b629b9df96d2b1c2cb5fb6030dbf1605b
+        checksum/prometheus-config: 41bf4ae92953cbd6ea2213f64fdf1c8c46474e1511be33640366193d935a9254
+        checksum/prometheus-ce-config: 2dba0f0f5252c2229adfd24e9f461f278f4048aabc9411a3f7dcde0844a5716a
     spec:
       automountServiceAccountToken: false
       initContainers:
@@ -408,6 +440,44 @@ spec:
             {}
           command: ["/bin/bash", "-c"]
           args: ['set -o pipefail;for i in {1..200};do (echo > /dev/tcp/prometheus-monitoring-values.yaml-postgresql/5432) && exit 0; sleep 2;done; exit 1']
+        - name: inject-prometheus-exporter
+          image: sonarqube:10.7.0-datacenter-app
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            readOnlyRootFilesystem: true
+            runAsGroup: 0
+            runAsNonRoot: true
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+          resources:
+            {}
+          command: ["/bin/sh","-c"]
+          args: ["curl -s 'https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.17.2/jmx_prometheus_javaagent-0.17.2.jar' --insecure --output /data/jmx_prometheus_javaagent.jar -v"]
+          volumeMounts:
+            - mountPath: /data
+              name: sonarqube
+              subPath: data
+          env:
+            - name: http_proxy
+              valueFrom:
+                secretKeyRef:
+                  name: prometheus-monitoring-values.yaml-sonarqube-dce-http-proxies
+                  key: PROMETHEUS-EXPORTER-HTTP-PROXY
+            - name: https_proxy
+              valueFrom:
+                secretKeyRef:
+                  name: prometheus-monitoring-values.yaml-sonarqube-dce-http-proxies
+                  key: PROMETHEUS-EXPORTER-HTTPS-PROXY
+            - name: no_proxy
+              valueFrom:
+                secretKeyRef:
+                  name: prometheus-monitoring-values.yaml-sonarqube-dce-http-proxies
+                  key: PROMETHEUS-EXPORTER-NO-PROXY
       securityContext:
         fsGroup: 0
       containers:
@@ -418,6 +488,12 @@ spec:
             - name: http
               containerPort: 9000
               protocol: TCP
+            - name: monitoring-web
+              containerPort: 8000
+              protocol: TCP
+            - name: monitoring-ce
+              containerPort: 8001
+              protocol: TCP
             - name: hazelcast
               containerPort: 9003
               protocol: TCP
@@ -434,9 +510,9 @@ spec:
             - name: SONAR_WEB_CONTEXT
               value: /
             - name: SONAR_WEB_JAVAOPTS
-              value: ""
+              value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8000:/opt/sonarqube/conf/prometheus-config.yaml
             - name: SONAR_CE_JAVAOPTS
-              value: ""
+              value: -javaagent:/opt/sonarqube/data/jmx_prometheus_javaagent.jar=8001:/opt/sonarqube/conf/prometheus-ce-config.yaml
             - name: SONAR_HELM_CHART_VERSION
               value: 10.8.0
             - name: SONAR_LOG_JSONOUTPUT
@@ -530,6 +606,12 @@ spec:
               subPath: logs
             - mountPath: /tmp
               name: tmp-dir
+            - mountPath: /opt/sonarqube/conf/prometheus-config.yaml
+              subPath: prometheus-config.yaml
+              name: prometheus-config
+            - mountPath: /opt/sonarqube/conf/prometheus-ce-config.yaml
+              subPath: prometheus-ce-config.yaml
+              name: prometheus-ce-config
       serviceAccountName: default
       volumes:
 
@@ -539,6 +621,18 @@ spec:
           items:
             - key: install_plugins.sh
               path: install_plugins.sh
+      - name: prometheus-config
+        configMap:
+          name: prometheus-monitoring-values.yaml-sonarqube-dce-prometheus-config
+          items:
+            - key: prometheus-config.yaml
+              path: prometheus-config.yaml
+      - name: prometheus-ce-config
+        configMap:
+          name: prometheus-monitoring-values.yaml-sonarqube-dce-prometheus-ce-config
+          items:
+            - key: prometheus-ce-config.yaml
+              path: prometheus-ce-config.yaml
       - name: sonarqube
         emptyDir:
           {}
@@ -968,6 +1062,16 @@ spec:
     bearerTokenSecret:
       name: prometheus-monitoring-values.yaml-sonarqube-dce-monitoring-passcode
       key: SONAR_WEB_SYSTEMPASSCODE
+  - port: monitoring-ce
+    path: /
+    scheme: http
+    interval: 30s
+    scrapeTimeout: 30s
+  - port: monitoring-web
+    path: /
+    scheme: http
+    interval: 30s
+    scrapeTimeout: 30s
 ---
 # Source: sonarqube-dce/templates/tests/sonarqube-test.yaml
 apiVersion: v1

tests/unit-compatibility-test/sonarqube-dce/install-plugins-values.yaml

@@ -1,5 +1,6 @@
 ApplicationNodes:
   plugins:
+    noCheckCertificate: true
     install:
       - "https://github.com/sbaudoin/sonar-yaml/releases/download/v1.7.0/sonar-yaml-plugin-1.7.0.jar"
     httpProxy: "http://someProxy"

tests/unit-compatibility-test/sonarqube-dce/prometheus-monitoring-values.yaml

@@ -1,4 +1,7 @@
 ApplicationNodes:
+  prometheusExporter:
+    enabled: true
+    noCheckCertificate: true
   prometheusMonitoring:
     # Generate a Prometheus Pod Monitor (https://github.com/coreos/prometheus-operator)
     #