๐Ÿฟ sonarqube chart ๐Ÿฟ (#10)
Browse files Browse the repository at this point in the history
* ๐Ÿฟ sonarqube chart ๐Ÿฟ

* ๐Ÿง„ lint me ๐Ÿง„
  • Loading branch information
eformat authored Apr 1, 2020
1 parent ea0cafd commit 8274666
Showing 18 changed files with 1,147 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .gitignore
@@ -34,4 +34,6 @@ Session.vim
# Chart dependencies
**/charts/*.tgz

.history
.history

*.tgz
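Review bot: The new `*.tgz` pattern at the end of this hunk already matches every archive that `**/charts/*.tgz` matches, so the entry under `# Chart dependencies` is now redundant; keep one of the two. If the broad pattern is intended, it also ignores packaged chart archives anywhere in the repository, which matters if release `.tgz` files are ever meant to be committed. `.history` also appears on two consecutive lines here.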
14 changes: 14 additions & 0 deletions charts/sonarqube/Chart.yaml
@@ -0,0 +1,14 @@
apiVersion: v1
name: sonarqube
description: SonarQube is an open sourced code quality scanning tool
version: 0.0.4
appVersion: "8.2-community"
home: https://github.com/eformat/charts
keywords:
- coverage
- security
- code
- quality
icon: https://www.sonarqube.org/assets/logo-31ad3115b1b4b120f3d1efd63e6b13ac9f1f89437f0cf6881cc4d8b5603a52b4.svg
maintainers:
- name: eformat
153 changes: 153 additions & 0 deletions charts/sonarqube/README.md
@@ -0,0 +1,153 @@
# SonarQube

[SonarQube](https://www.sonarqube.org/) is an open sourced code quality scanning tool.

## Introduction

This chart bootstraps a SonarQube instance with a PostgreSQL database.

`Attribution`: A Fork of thie code was taken from here and customized for OpenShift

https://github.com/Oteemo/charts/tree/master/charts/sonarqube

`WIP`: Not all configuration options have been checked against openshift yet

## Installing the chart

To install the chart:

```bash
$ helm repo add rht-labs-charts https://rht-labs.github.io/charts
$ helm install rht-labs-charts/sonarqube
```

The above command deploys Sonarqube on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation.

The default login is admin/admin.

## Uninstalling the chart

To uninstall/delete the deployment:

```bash
$ helm delete <name of chart>
```

## Configuration

The following table lists the configurable parameters of the Sonarqube chart and their default values.

| Parameter | Description | Default |
| ------------------------------------- | ---------------------------------------------------------------------------- | ---------------------------------------------- |
| `replicaCount` | Number of replicas deployed | `1` |
| `deploymentStrategy` | Deployment strategy | `{}` |
| `image.repository` | image repository | `sonarqube` |
| `image.tag` | `sonarqube` image tag. | `8.2-community` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `image.pullSecret` | imagePullSecret to use for private repository | |
| `command` | command to run in the container | `nil` (need to be set prior to 6.7.6, and 7.4) |
| `elasticsearch.configureNode` | Modify k8s worker to conform to system requirements | `false` |
| `elasticsearch.bootstrapChecks` | Enables/disables Elasticsearch bootstrap checks | `false` |
| `initContainers` | Enable or Disable the running of all initContainers | `false` (not needed on OpenShift) |
| `ingress.enabled` | Flag for enabling ingress | false |
| `ingress.labels` | Ingress additional labels | `{}` |
| `ingress.hosts[0].name` | Hostname to your SonarQube installation | `sonar.organization.com` |
| `ingress.hosts[0].path` | Path within the URL structure | / |
| `ingress.tls` | Ingress secrets for TLS certificates | `[]` |
| `livenessProbe.sonarWebContext` | SonarQube web context for livenessProbe | / |
| `readinessProbe.sonarWebContext` | SonarQube web context for readinessProbe | / |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.externalPort` | Kubernetes service port | `9000` |
| `service.internalPort` | Kubernetes container port | `9000` |
| `service.labels` | Kubernetes service labels | None |
| `service.annotations` | Kubernetes service annotations | None |
| `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | None |
| `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | None |
| `persistence.enabled` | Flag for enabling persistent storage | false |
| `persistence.annotations` | Kubernetes pvc annotations | `{}` |
| `persistence.existingClaim` | Do not create a new PVC but use this one | None |
| `persistence.storageClass` | Storage class to be used | "" |
| `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` |
| `persistence.size` | Size of the volume | 10Gi |
| `persistence.volumes` | Specify extra volumes. Refer to ".spec.volumes" specification | [] |
| `persistence.mounts` | Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification | [] |
| `serviceAccount.create` | If set to true, create a serviceAccount | false |
| `serviceAccount.name` | Name of the serviceAccount to create/use | `sonarqube-sonarqube` |
| `serviceAccount.annotations` | Additional serviceAccount annotations | `{}` |
| `sonarProperties` | Custom `sonar.properties` file | None |
| `sonarSecretProperties` | Additional `sonar.properties` file to load from a secret | None |
| `caCerts.secret` | Name of the secret containing additional CA certificates | `nil` |
| `jvmOpts` | Values to add to SONARQUBE_WEB_JVM_OPTS | `""` |
| `env` | Environment variables to attach to the pods | `nil` |
| `sonarSecretKey` | Name of existing secret used for settings encryption | None |
| `sonarProperties` | Custom `sonar.properties` file | `{}` |
| `postgresql.enabled` | Set to `false` to use external server | `true` |
| `postgresql.existingSecret` | Secret containing the password of the external Postgresql server | `null` |
| `postgresql.postgresqlServer` | Hostname of the external Postgresql server | `null` |
| `postgresql.postgresqlUsername` | Postgresql database user | `sonarUser` |
| `postgresql.postgresqlPassword` | Postgresql database password | `sonarPass` |
| `postgresql.postgresqlDatabase` | Postgresql database name | `sonarDB` |
| `postgresql.service.port` | Postgresql port | `5432` |
| `annotations` | Sonarqube Pod annotations | `{}` |
| `resources` | Sonarqube Pod resource requests & limits | `{}` |
| `affinity` | Node / Pod affinities | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
| `hostAliases` | Aliases for IPs in /etc/hosts | `[]` |
| `tolerations` | List of node taints to tolerate | `[]` |
| `plugins.install` | List of plugins to install | `[]` |
| `plugins.lib` | List of plugins to install to `lib/common` | `[]` |
| `plugins.resources` | Plugin Pod resource requests & limits | `{}` |
| `plugins.initContainerImage` | Change init container image | `alpine:3.10.3` |
| `plugins.initSysctlContainerImage` | Change init sysctl container image | `busybox:1.31` |
| `plugins.initVolumesContainerImage` | Change init volumes container image | `busybox:1.31` |
| `plugins.initCertsContainerImage` | Change init ca certs container image | `adoptopenjdk/openjdk11:alpine` |
| `plugins.initTestContainerImage` | Change init test container image | `dduportal/bats:0.4.0` |
| `plugins.deleteDefaultPlugins` | Remove default plugins and use plugins.install list | `[]` |
| `plugins.httpProxy` | For use behind a corporate proxy when downloading plugins | "" |
| `plugins.httpsProxy` | For use behind a corporate proxy when downloading plugins | "" |
| `podLabels` | Map of labels to add to the pods | `{}` |
| `sonarqubeFolder` | Directory name of Sonarqube | `/opt/sonarqube` |
| `enableTests` | Flag that allows tests to be excluded from generated yaml | true |

For overriding variables see: [Customizing the chart](https://docs.helm.sh/using_helm/#customizing-the-chart-before-installing)

### Use custom `cacerts`

In environments with air-gapped setup, especially with internal tooling (repos) and self-signed certificates it is required to provide an adequate `cacerts` which overrides the default one:

1. Create a yaml file `cacerts.yaml` with a secret that contains one or more keys to represent the certificates that you want including

```yaml
apiVersion: v1
kind: Secret
metadata:
name: my-cacerts
data:
cert-1.crt: |
xxxxxxxxxxxxxxxxxxxxxxx
```
2. Upload your `cacerts.yaml` to a secret in the cluster you are installing Sonarqube to.

```shell
$ kubectl apply -f cacerts.yaml
```

3. Set the following values of the chart:

```yaml
caCerts:
secret: my-cacerts
```

### Elasticsearch Settings

Since SonarQube comes bundled with an Elasticsearch instance, some [bootstrap checks](https://www.elastic.co/guide/en/elasticsearch/reference/master/bootstrap-checks.html) of the host settings are done at start.

This chart offers the option to use an initContainer in privilaged mode to automatically set certain kernel settings on the kube worker. While this can ensure proper functionality of Elasticsearch, modifying the underlying kernel settings on the Kubernetes node can impact other users. It may be best to work with your cluster administrator to either provide specific nodes with the proper kernel settings, or ensure they are set cluster wide.

To enable auto-configuration of the kube worker node, set `elasticsearch.configureNode` to `true`. This is the default behavior, so you do not need to explicitly set this.

This will run `sysctl -w vm.max_map_count=262144` on the worker where the sonarqube pod(s) get scheduled. This needs to be set to `262144` but normally defaults to `65530`. Other kernel settings are recommended by the [docker image](https://hub.docker.com/_/sonarqube/#requirements), but the defaults work fine in most cases.

To disable worker node configuration, set `elasticsearch.configureNode` to `false`. Note that if node configuration is not enabled, then you will likely need to also disable the Elasticsearch bootstrap checks. These can be explicitly disabled by setting `elasticsearch.bootstrapChecks` to `false`.
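Review bot: The Elasticsearch Settings section says enabling `elasticsearch.configureNode` "is the default behavior", but the configuration table in this same file lists its default as `false` (and `initContainers` as `false`, "not needed on OpenShift"). Because this option runs a privileged initContainer that changes `vm.max_map_count` on the worker node, the text should state the actual default unambiguously. The table also lists `sonarProperties` twice with different defaults (`None` and `{}`), and the README documents `admin/admin` and `postgresql.postgresqlPassword` = `sonarPass` as defaults without saying they should be changed at or after install.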
1 change: 1 addition & 0 deletions charts/sonarqube/requirements.yaml
@@ -0,0 +1 @@
# requirements.yaml
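Review bot: This file contains only the comment `# requirements.yaml` and declares no dependencies, while the README in this commit says the chart bootstraps a PostgreSQL database and lists `postgresql.enabled` as `true` by default. If PostgreSQL is templated inside this chart, drop the empty file; if it is meant to be a subchart, declare it here with a pinned version.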
38 changes: 38 additions & 0 deletions charts/sonarqube/templates/_helpers.tpl
@@ -0,0 +1,38 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "sonarqube.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "sonarqube.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name (include "sonarqube.name" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}

{{/*
Create a default fully qualified mysql/postgresql name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "postgresql.fullname" -}}
{{- printf "%s-%s" .Release.Name .Values.appName | trunc 63 | trimSuffix "-" -}}
{{- end -}}

{{/*
Determine the hostname to use for PostgreSQL/mySQL.
*/}}
{{- define "postgresql.hostname" -}}
{{- if .Values.postgresql.enabled -}}
{{- printf "%s-%s" "postgresql" .Values.appName | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s" .Values.postgresql.postgresqlServer -}}
{{- end -}}
{{- end -}}
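Review bot: `postgresql.fullname` and `postgresql.hostname` both read `.Values.appName`, which is not among the parameters documented in the README table, and neither helper guards against it being unset, so `printf "%s-%s"` would render Go's `%!s(<nil>)` marker into the name. Wrap it in `required` or give it a `default`, and document the value. The same applies to `.Values.postgresql.postgresqlServer` in the `else` branch, whose documented default is `null`. The two helpers also build different names (`<release>-<appName>` versus `postgresql-<appName>`), so it is worth confirming which one the database Service actually uses. Finally, the `fullnameOverride` branch of `sonarqube.fullname` truncates to 63 characters without the `trimSuffix "-"` that the other branch applies.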
26 changes: 26 additions & 0 deletions charts/sonarqube/templates/config.yaml
@@ -0,0 +1,26 @@

apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-config
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{- if and .Values.sonarSecretKey (not .Values.sonarProperties) (not .Values.elasticsearch.bootstrapChecks) }}
sonar.properties: sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt
{{- end }}
{{- if or .Values.sonarProperties (not .Values.elasticsearch.bootstrapChecks) }}
sonar.properties:
{{ range $key, $val := .Values.sonarProperties }}
{{ $key }}={{ $val }}
{{ end }}
{{- if not .Values.elasticsearch.bootstrapChecks }}
sonar.es.bootstrap.checks.disable=true
{{- end }}
{{- end }}
{{- if and .Values.sonarSecretKey .Values.sonarProperties }}
sonar.secretKeyPath={{ .Values.sonarqubeFolder }}/secret/sonar-secret.txt
{{- end }}
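Review bot: The first two `if` blocks are not mutually exclusive: with `sonarSecretKey` set, no `sonarProperties`, and `elasticsearch.bootstrapChecks` false (the documented default), both conditions hold and the `sonar.properties` key is emitted twice under `data:`. The `sonar.secretKeyPath` line from the first block then collides with the second key, and the third block does not add it back because it requires `sonarProperties`. Consider a single `sonar.properties` block that appends `sonar.secretKeyPath=...` whenever `sonarSecretKey` is set. Every `sonarProperties` entry is also written to a ConfigMap in clear text, so credentials belong in `sonarSecretProperties` rather than here; a comment in the template saying so would help.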
33 changes: 33 additions & 0 deletions charts/sonarqube/templates/copy-plugins.yaml
@@ -0,0 +1,33 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "sonarqube.fullname" . }}-copy-plugins
labels:
app: {{ template "sonarqube.name" . }}
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
copy_plugins.sh: |-
#!/bin/bash
{{- if .Values.plugins.deleteDefaultPlugins }}
rm -f {{ .Values.sonarqubeFolder }}/extensions/plugins/*.jar
{{- end }}
for f in {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/*.jar
do
file=${f##*/} && file=${file%-[0-9]*}
for original in {{ .Values.sonarqubeFolder }}/extensions/plugins/*.jar
do
originalfile=${original##*/} && originalfile=${originalfile%-[0-9]*}
if [ "$originalfile" = "$file" ]; then
rm -f "$original"
fi
done
done
cp {{ .Values.sonarqubeFolder }}/extensions/plugins/tmp/*.jar {{ .Values.sonarqubeFolder }}/extensions/plugins/
{{- if .Values.plugins.lib }}
{{- range $index, $val := .Values.plugins.lib }}
cp -f {{ $.Values.sonarqubeFolder }}/extensions/plugins/{{ $val }} {{ $.Values.sonarqubeFolder }}/lib/common/
{{- end }}
{{- end }}
{{ .Values.sonarqubeFolder }}/bin/run.sh
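Review bot: `copy_plugins.sh` has no handling for an empty glob: if `extensions/plugins/tmp/` holds no jars, `*.jar` stays a literal string, the final `cp` fails, and the script still goes on to start SonarQube via `bin/run.sh` with no indication that plugin installation did not happen. Guard the loop and the copy with `shopt -s nullglob` plus a check that at least one jar matched, and quote the `{{ .Values.sonarqubeFolder }}` and `{{ $val }}` expansions, since `plugins.lib` entries are interpolated straight into the shell. The README lists `plugins.deleteDefaultPlugins` with default `[]`, but here it is used as a boolean flag, so the documented default should be `false`. Launching the last line with `exec` would also let the server receive the pod's termination signals directly.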