duynguyen/k8s-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add sonarqube

Browse Source
This commit is contained in:
duynguyen
2026-04-27 21:52:01 +07:00
parent 142dd15922
commit e42544c877
256 changed files with 12484 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

486
manifest/sonarqube/templates/_pod.tpl Normal file
View File

@@ -0,0 +1,486 @@
{{- define "sonarqube.pod" -}}
metadata:
annotations:
checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }}
{{- if and .Values.persistence.enabled .Values.initFs.enabled (not .Values.OpenShift.enabled) }}
checksum/init-fs: {{ include (print $.Template.BasePath "/init-fs.yaml") . | sha256sum }}
{{- end }}
{{- if and .Values.initSysctl.enabled (not .Values.OpenShift.enabled) }}
checksum/init-sysctl: {{ include (print $.Template.BasePath "/init-sysctl.yaml") . | sha256sum }}
{{- end }}
checksum/plugins: {{ include (print $.Template.BasePath "/install-plugins.yaml") . | sha256sum }}
checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
{{- if .Values.prometheusExporter.enabled }}
checksum/prometheus-config: {{ include (print $.Template.BasePath "/prometheus-config.yaml") . | sha256sum }}
checksum/prometheus-ce-config: {{ include (print $.Template.BasePath "/prometheus-ce-config.yaml") . | sha256sum }}
{{- end }}
{{- with .Values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "sonarqube.selectorLabels" . | nindent 4 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
automountServiceAccountToken: {{ .Values.serviceAccount.automountToken }}
{{- with .Values.schedulerName }}
schedulerName: {{ . }}
{{- end }}
{{- with (include "sonarqube.securityContext" .) }}
securityContext: {{- . | nindent 4 }}
{{- end }}
{{- if or .Values.image.pullSecrets .Values.image.pullSecret }}
imagePullSecrets:
{{- if .Values.image.pullSecret }}
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{- with .Values.image.pullSecrets }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
initContainers:
{{- if .Values.extraInitContainers }}
{{- toYaml .Values.extraInitContainers | nindent 4 }}
{{- end }}
{{- if .Values.caCerts.enabled }}
- name: ca-certs
image: {{ default (include "sonarqube.image" $) .Values.caCerts.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh"]
args: ["-c", "cp -f \"${JAVA_HOME}/lib/security/cacerts\" /tmp/certs/cacerts; if [ \"$(ls /tmp/secrets/ca-certs)\" ]; then for f in /tmp/secrets/ca-certs/*; do keytool -importcert -file \"${f}\" -alias \"$(basename \"${f}\")\" -keystore /tmp/certs/cacerts -storepass changeit -trustcacerts -noprompt; done; fi;"]
{{- with (include "sonarqube.initContainerSecurityContext" .) }}
securityContext: {{- . | nindent 8 }}
{{- end }}
{{- with .Values.initContainers.resources }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
- mountPath: /tmp/certs
name: sonarqube
subPath: certs
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
env:
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
{{- if and (or .Values.initSysctl.enabled .Values.elasticsearch.configureNode) (not .Values.OpenShift.enabled) }}
- name: init-sysctl
image: {{ default (include "sonarqube.image" $) .Values.initSysctl.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with (default (fromYaml (include "sonarqube.initContainerSecurityContext" .)) (.Values.initSysctl.securityContext )) }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.initContainers.resources .Values.initSysctl.resources) }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
command: ["/bin/bash", "-e", "/tmp/scripts/init_sysctl.sh"]
volumeMounts:
- name: init-sysctl
mountPath: /tmp/scripts/
env:
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- name: concat-properties
image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- sh
- -c
- |
#!/bin/sh
if [ -f /tmp/props/sonar.properties ]; then
cat /tmp/props/sonar.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/secret.properties ]; then
cat /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
if [ -f /tmp/props/sonar.properties -a -f /tmp/props/secret.properties ]; then
awk 1 /tmp/props/sonar.properties /tmp/props/secret.properties > /tmp/result/sonar.properties
fi
volumeMounts:
- mountPath: /tmp/result
name: concat-dir
{{- if or .Values.sonarProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: /tmp/props/sonar.properties
name: config
subPath: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- mountPath: /tmp/props/secret.properties
name: secret-config
subPath: secret.properties
{{- end }}
{{- with (include "sonarqube.initContainerSecurityContext" .) }}
securityContext: {{- . | nindent 8 }}
{{- end }}
{{- with .Values.initContainers.resources }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: inject-prometheus-exporter
image: {{ default (include "sonarqube.image" $) .Values.prometheusExporter.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with (default (fromYaml (include "sonarqube.initContainerSecurityContext" .)) .Values.prometheusExporter.securityContext) }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.initContainers.resources .Values.prometheusExporter.resources)}}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
command: ["/bin/sh", "-c"]
args: ["curl -s '{{ include "prometheusExporter.downloadURL" . }}' {{ if $.Values.prometheusExporter.noCheckCertificate }}--insecure{{ end }} --output /data/jmx_prometheus_javaagent.jar -v"]
volumeMounts:
- mountPath: /data
name: sonarqube
subPath: data
env:
{{- with (include "sonarqube.prometheusExporterProxy.env" .) }}
{{- . | nindent 8 }}
{{- end }}
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
{{- if and .Values.persistence.enabled .Values.initFs.enabled (not .Values.OpenShift.enabled) }}
- name: init-fs
image: {{ default (include "sonarqube.image" $) .Values.initFs.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- with (default (fromYaml (include "sonarqube.initContainerSecurityContext" .)) .Values.initFs.securityContext) }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.initContainers.resources .Values.initFs.resources) }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
command: ["sh", "-e", "/tmp/scripts/init_fs.sh"]
volumeMounts:
- name: init-fs
mountPath: /tmp/scripts/
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- if .Values.plugins.install }}
- name: install-plugins
image: {{ default (include "sonarqube.image" $) .Values.plugins.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh", "-e", "/tmp/scripts/install_plugins.sh"]
{{- with (default (fromYaml (include "sonarqube.initContainerSecurityContext" .)) .Values.plugins.securityContext) }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with (default .Values.initContainers.resources .Values.plugins.resource) }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/plugins
name: sonarqube
subPath: extensions/plugins
- name: install-plugins
mountPath: /tmp/scripts/
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
mountPath: /root
{{- end }}
env:
{{- with (include "sonarqube.install-plugins-proxy.env" .) }}
{{- . | nindent 8 }}
{{- end }}
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
{{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.url }}
- name: install-oracle-jdbc-driver
image: {{ default (include "sonarqube.image" $) .Values.initContainers.image }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["sh", "-e", "/tmp/scripts/install_oracle_jdbc_driver.sh"]
{{- with (default (fromYaml (include "sonarqube.initContainerSecurityContext" .)) .Values.initContainers.securityContext) }}
securityContext: {{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.initContainers.resources }}
resources: {{- toYaml . | nindent 8 }}
{{- end }}
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/extensions/jdbc-driver/oracle
name: sonarqube
subPath: extensions/jdbc-driver/oracle
- name: install-oracle-jdbc-driver
mountPath: /tmp/scripts/
{{- if .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}
- name: oracle-jdbc-driver-netrc-file
mountPath: /root
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: /tmp/secrets/ca-certs
name: ca-certs
{{- end }}
env:
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
{{- end }}
containers:
{{- with .Values.extraContainers }}
{{- toYaml . | nindent 4 }}
{{- end }}
- name: {{ .Chart.Name }}
image: {{ include "sonarqube.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.internalPort }}
protocol: TCP
{{- if .Values.prometheusExporter.enabled }}
- name: monitoring-web
containerPort: {{ .Values.prometheusExporter.webBeanPort }}
protocol: TCP
- name: monitoring-ce
containerPort: {{ .Values.prometheusExporter.ceBeanPort }}
protocol: TCP
{{- end }}
resources: {{- toYaml .Values.resources | nindent 8 }}
env:
- name: SONAR_HELM_CHART_VERSION
value: {{ .Chart.Version | replace "+" "_" }}
{{- if .Values.OpenShift.enabled }}
- name: IS_HELM_OPENSHIFT_ENABLED
value: "true"
{{- end }}
{{- if or .Values.jdbcOverwrite.enabled .Values.jdbcOverwrite.enable }}
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "jdbc.secret" . }}
key: {{ include "jdbc.secretPasswordKey" . }}
{{- end }}
- name: SONAR_WEB_SYSTEMPASSCODE
valueFrom:
secretKeyRef:
{{- if and .Values.monitoringPasscodeSecretName .Values.monitoringPasscodeSecretKey }}
name: {{ .Values.monitoringPasscodeSecretName }}
key: {{ .Values.monitoringPasscodeSecretKey }}
{{- else }}
name: {{ include "sonarqube.fullname" . }}-monitoring-passcode
key: SONAR_WEB_SYSTEMPASSCODE
{{- end }}
{{- (include "sonarqube.combined_env" . | fromJsonArray) | toYaml | trim | nindent 8 }}
envFrom:
{{- if or .Values.jdbcOverwrite.enabled .Values.jdbcOverwrite.enable }}
- configMapRef:
name: {{ include "sonarqube.fullname" . }}-jdbc-config
{{- end }}
{{- if include "sonarqube.azure.enabled" . }}
- configMapRef:
name: {{ template "sonarqube.fullname" . }}-azure-config
{{- end }}
{{- range .Values.extraConfig.secrets }}
- secretRef:
name: {{ . }}
{{- end }}
{{- range .Values.extraConfig.configmaps }}
- configMapRef:
name: {{ . }}
{{- end }}
livenessProbe:
{{- tpl (omit .Values.livenessProbe "sonarWebContext" | toYaml) . | nindent 8 }}
readinessProbe:
{{- tpl (omit .Values.readinessProbe "sonarWebContext" | toYaml) . | nindent 8 }}
startupProbe:
httpGet:
scheme: HTTP
path: {{ .Values.startupProbe.sonarWebContext | default (include "sonarqube.webcontext" .) }}api/system/status
port: http
initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.startupProbe.periodSeconds }}
failureThreshold: {{ .Values.startupProbe.failureThreshold }}
timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
{{- with (include "sonarqube.containerSecurityContext" .) }}
securityContext: {{- . | nindent 8 }}
{{- end }}
volumeMounts:
- mountPath: {{ .Values.sonarqubeFolder }}/data
name: sonarqube
subPath: data
- mountPath: {{ .Values.sonarqubeFolder }}/temp
name: sonarqube
subPath: temp
- mountPath: {{ .Values.sonarqubeFolder }}/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey (not .Values.elasticsearch.bootstrapChecks) }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/
name: concat-dir
{{- end }}
{{- if .Values.sonarSecretKey }}
- mountPath: {{ .Values.sonarqubeFolder }}/secret/
name: secret
{{- end }}
{{- if .Values.caCerts.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/certs
name: sonarqube
subPath: certs
{{- end }}
- mountPath: {{ .Values.sonarqubeFolder }}/extensions
name: sonarqube
subPath: extensions
{{- if .Values.prometheusExporter.enabled }}
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-config.yaml
subPath: prometheus-config.yaml
name: prometheus-config
- mountPath: {{ .Values.sonarqubeFolder }}/conf/prometheus-ce-config.yaml
subPath: prometheus-ce-config.yaml
name: prometheus-ce-config
{{- end }}
{{- with .Values.persistence.mounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.hostAliases }}
hostAliases: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
serviceAccountName: {{ include "sonarqube.serviceAccountName" . }}
volumes:
{{- with .Values.persistence.volumes }}
{{- tpl (toYaml . | nindent 4) $ }}
{{- end }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.sonarProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name: config
configMap:
name: {{ include "sonarqube.fullname" . }}-config
items:
- key: sonar.properties
path: sonar.properties
{{- end }}
{{- if .Values.sonarSecretProperties }}
- name: secret-config
secret:
secretName: {{ .Values.sonarSecretProperties }}
items:
- key: secret.properties
path: secret.properties
{{- end }}
{{- if .Values.sonarSecretKey }}
- name: secret
secret:
secretName: {{ .Values.sonarSecretKey }}
items:
- key: sonar-secret.txt
path: sonar-secret.txt
{{- end }}
{{- include "sonarqube.volumes.caCerts" . | nindent 4 }}
{{- if .Values.plugins.netrcCreds }}
- name: plugins-netrc-file
secret:
secretName: {{ .Values.plugins.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
{{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}
- name: oracle-jdbc-driver-netrc-file
secret:
secretName: {{ .Values.jdbcOverwrite.oracleJdbcDriver.netrcCreds }}
items:
- key: netrc
path: .netrc
{{- end }}
{{- if and .Values.initSysctl.enabled (not .Values.OpenShift.enabled) }}
- name: init-sysctl
configMap:
name: {{ include "sonarqube.fullname" . }}-init-sysctl
items:
- key: init_sysctl.sh
path: init_sysctl.sh
{{- end }}
{{- if and .Values.persistence.enabled .Values.initFs.enabled (not .Values.OpenShift.enabled) }}
- name: init-fs
configMap:
name: {{ include "sonarqube.fullname" . }}-init-fs
items:
- key: init_fs.sh
path: init_fs.sh
{{- end }}
{{- if .Values.plugins.install }}
- name: install-plugins
configMap:
name: {{ include "sonarqube.fullname" . }}-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
{{- end }}
{{- if and .Values.jdbcOverwrite.oracleJdbcDriver .Values.jdbcOverwrite.oracleJdbcDriver.url }}
- name: install-oracle-jdbc-driver
configMap:
name: {{ include "sonarqube.fullname" . }}-install-oracle-jdbc-driver
items:
- key: install_oracle_jdbc_driver.sh
path: install_oracle_jdbc_driver.sh
{{- end }}
{{- if .Values.prometheusExporter.enabled }}
- name: prometheus-config
configMap:
name: {{ include "sonarqube.fullname" . }}-prometheus-config
items:
- key: prometheus-config.yaml
path: prometheus-config.yaml
- name: prometheus-ce-config
configMap:
name: {{ include "sonarqube.fullname" . }}-prometheus-ce-config
items:
- key: prometheus-ce-config.yaml
path: prometheus-ce-config.yaml
{{- end }}
- name: sonarqube
{{- if and .Values.persistence.enabled (not .Values.persistence.hostPath) }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "sonarqube.fullname" . }}{{- end }}
{{- else if and .Values.persistence.enabled .Values.persistence.hostPath }}
hostPath:
path: {{ .Values.persistence.hostPath.path }}
type: {{ .Values.persistence.hostPath.type }}
{{- else }}
emptyDir: {{- toYaml .Values.emptyDir | nindent 8 }}
{{- end }}
- name : tmp-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 8 }}
{{- if or .Values.sonarProperties .Values.sonarSecretProperties .Values.sonarSecretKey ( not .Values.elasticsearch.bootstrapChecks) }}
- name : concat-dir
emptyDir: {{- toYaml .Values.emptyDir | nindent 8 }}
{{- end }}
{{- end -}}