From 11fefb5363802c7f83953bdb5b935d72c5640d13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Geoffroy?= <99647462+leo-geoffroy-sonarsource@users.noreply.github.com> Date: Thu, 1 Sep 2022 11:11:30 +0200 Subject: [PATCH] REL-2377 Revert and upgrade for release --- charts/sonarqube-dce/CHANGELOG.md | 16 ++------------ charts/sonarqube-dce/Chart.yaml | 22 +++++-------------- charts/sonarqube-dce/README.md | 14 ++++-------- charts/sonarqube-dce/requirements.yaml | 9 ++++++++ .../templates/change-admin-password-hook.yml | 10 +-------- .../templates/sonarqube-application.yaml | 6 ++++- charts/sonarqube-dce/values.yaml | 10 +++------ charts/sonarqube/CHANGELOG.md | 16 ++------------ charts/sonarqube/Chart.yaml | 20 +++++------------ charts/sonarqube/README.md | 7 +++--- charts/sonarqube/requirements.yaml | 9 ++++++++ .../templates/change-admin-password-hook.yml | 10 +-------- charts/sonarqube/templates/sonarqube-sts.yaml | 2 +- charts/sonarqube/values.schema.json | 12 ---------- charts/sonarqube/values.yaml | 14 +++++------- 15 files changed, 56 insertions(+), 121 deletions(-) create mode 100644 charts/sonarqube-dce/requirements.yaml create mode 100644 charts/sonarqube/requirements.yaml delete mode 100644 charts/sonarqube/values.schema.json diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md index 29a562c1f..0d4fa8162 100644 --- a/charts/sonarqube-dce/CHANGELOG.md +++ b/charts/sonarqube-dce/CHANGELOG.md @@ -1,20 +1,8 @@ # SonarQube Chart Changelog All changes to this chart will be documented in this file. -## [4.0.5] -* Add the possibility of using a secret for customizing the admin password - -## [4.0.4] -* Remove unreachable condition and fix the right values for sonarProperties and sonarSecretProperties - -## [4.0.3] -* Bump apiVersion to v2 - -## [4.0.2] -* Add documentation for ApplicationNodes.jwtSecret - -## [4.0.1] -* Add documentation for ingress tls +## [4.0.6] +* Updated SonarQube to 9.6.1 ## [4.0.0] * Updated SonarQube to 9.6.0 diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml index f2b77d414..1c55b77a8 100644 --- a/charts/sonarqube-dce/Chart.yaml +++ b/charts/sonarqube-dce/Chart.yaml @@ -1,9 +1,8 @@ -apiVersion: v2 +apiVersion: v1 name: sonarqube-dce description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow. -type: application -version: 4.0.5 -appVersion: 9.6.0 +version: 4.0.6 +appVersion: 9.6.1 keywords: - coverage - security @@ -26,19 +25,10 @@ annotations: url: https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube-dce artifacthub.io/changes: | - kind: changed - description: "Updated SonarQube to 9.6.0" + description: "Updated SonarQube to 9.6.1" artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/images: | - name: sonarqube-app - image: sonarqube:9.6.0-datacenter-app + image: sonarqube:9.6.1-datacenter-app - name: sonarqube-search - image: sonarqube:9.6.0-datacenter-search -dependencies: - - name: postgresql - version: 10.15.0 - repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled - - name: ingress-nginx - version: 4.0.13 - repository: https://kubernetes.github.io/ingress-nginx - condition: nginx.enabled + image: sonarqube:9.6.1-datacenter-search diff --git a/charts/sonarqube-dce/README.md b/charts/sonarqube-dce/README.md index 0441ea8a9..2bd2f7dfd 100644 --- a/charts/sonarqube-dce/README.md +++ b/charts/sonarqube-dce/README.md @@ -16,12 +16,7 @@ Please note that this chart does NOT support SonarQube Community, Developer, and ## Installing the chart -> **_NOTE:_** Please refer to [the official page](https://docs.sonarqube.org/latest/setup/sonarqube-cluster-on-kubernetes/) for further information on how to install and tune the helm chart specifications. - -Prior to installing the chart, please ensure that the `ApplicationNodes.jwtSecret` value is set properly with a HS256 key encoded with base64. In the following, an example on how to generate this key on a Unix system: -```bash -echo -n "your_secret" | openssl dgst -sha256 -hmac "your_key" -binary | base64 -``` +Please ensure that the value for `ApplicationNodes.jwtSecret` is set with something like `echo -n "your_secret" | openssl dgst -sha256 -hmac "your_key" -binary | base64` and persist this in your `values.yaml`. To install the chart: @@ -166,8 +161,8 @@ The following table lists the configurable parameters of the Sonarqube chart and | `ApplicationNodes.image.pullSecret` | (DEPRECATED) app imagePullSecret to use for private repository | `nil` | | `ApplicationNodes.image.pullSecrets` | app imagePullSecrets to use for private repository | `nil` | | `ApplicationNodes.env` | Environment variables to attach to the app pods | `nil` | -| `ApplicationNodes.sonarProperties` | Custom `sonar.properties` key-value pairs for App Nodes (e.g., "ApplicationNodes.sonarProperties.sonar.forceAuthentication=true") | `None` | -| `ApplicationNodes.sonarSecretProperties` | Additional `sonar.properties` key-value pairs for App Nodes to load from a secret | `None` | +| `ApplicationNodes.sonarProperties` | Custom `sonar.properties` file for App Nodes | `None` | +| `ApplicationNodes.sonarSecretProperties` | Additional `sonar.properties` file for App Nodes to load from a secret | `None` | | `ApplicationNodes.sonarSecretKey` | Name of existing secret used for settings encryption | `None` | | `ApplicationNodes.replicaCount` | Replica count of the app Nodes | `2` | | `ApplicationNodes.podDistributionBudget` | PodDisctributionBudget for the App Nodes | `minAvailable: "50%"` | @@ -214,7 +209,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `ApplicationNodes.plugins.securityContext` | Security context for the container to download plugins | see `values.yaml | | `ApplicationNodes.jvmOpts` | Values to add to SONARQUBE_WEB_JVM_OPTS | `""` | | `ApplicationNodes.jvmCeOpts` | Values to add to SONAR_CE_JAVAOPTS | `""` | -| `ApplicationNodes.jwtSecret` | A HS256 key encoded with base64 (*This value must be set before installing the chart, see [the documentation](https://docs.sonarqube.org/latest/setup/sonarqube-cluster-on-kubernetes/)*) | `""` | +| `ApplicationNodes.jwtSecret` | A HS256 key encoded with base64 | `""` | | `ApplicationNodes.existingJwtSecret` | secret that contains the `jwtSecret` | `nil` | | `ApplicationNodes.resources.requests.memory` | memory request for app Nodes | `2Gi` | | `ApplicationNodes.resources.requests.cpu` | cpu request for app Nodes | `400m` | @@ -396,7 +391,6 @@ The following table lists the configurable parameters of the Sonarqube chart and | `logging.jsonOutput` | Enable/Disable logging in JSON format | `false` | | `account.adminPassword` | Custom new admin password | `admin` | | `account.currentAdminPassword` | Current admin password | `admin` | -| `account.adminPasswordSecretName` | Secret containing `password` (custom password) and `currentPassword` (current password) keys for admin | `None` | | `account.resources.requests.memory` | Memory request for Admin hook | `128Mi` | | `account.resources.requests.cpu` | CPU request for Admin hook | `100m` | | `account.resources.limits.memory` | Memory limit for Admin hook | `128Mi` | diff --git a/charts/sonarqube-dce/requirements.yaml b/charts/sonarqube-dce/requirements.yaml new file mode 100644 index 000000000..c3ac9df1c --- /dev/null +++ b/charts/sonarqube-dce/requirements.yaml @@ -0,0 +1,9 @@ +dependencies: +- name: postgresql + version: 10.15.0 + repository: https://charts.bitnami.com/bitnami + condition: postgresql.enabled +- name: ingress-nginx + version: 4.0.13 + repository: https://kubernetes.github.io/ingress-nginx + condition: nginx.enabled \ No newline at end of file diff --git a/charts/sonarqube-dce/templates/change-admin-password-hook.yml b/charts/sonarqube-dce/templates/change-admin-password-hook.yml index 7acadc56e..8ae2c265c 100644 --- a/charts/sonarqube-dce/templates/change-admin-password-hook.yml +++ b/charts/sonarqube-dce/templates/change-admin-password-hook.yml @@ -1,5 +1,5 @@ {{- if .Values.account }} -{{- if or .Values.account.adminPassword .Values.account.adminPasswordSecretName}} +{{- if .Values.account.adminPassword }} apiVersion: batch/v1 kind: Job metadata: @@ -57,20 +57,12 @@ spec: - name: ADMIN_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.account.adminPassword }} name: {{ template "sonarqube.fullname" . }}-admin-password - {{- else }} - name: {{ .Values.account.adminPasswordSecretName }} - {{- end }} key: password - name: CURRENT_ADMIN_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.account.adminPassword }} name: {{ template "sonarqube.fullname" . }}-admin-password - {{- else }} - name: {{ .Values.account.adminPasswordSecretName }} - {{- end }} key: currentPassword resources: {{ toYaml (default .Values.resources .Values.account.resources) | indent 10 }} diff --git a/charts/sonarqube-dce/templates/sonarqube-application.yaml b/charts/sonarqube-dce/templates/sonarqube-application.yaml index e12447573..2d2dd5512 100644 --- a/charts/sonarqube-dce/templates/sonarqube-application.yaml +++ b/charts/sonarqube-dce/templates/sonarqube-application.yaml @@ -315,10 +315,14 @@ spec: {{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- end }} volumeMounts: - {{- if or .Values.ApplicationNodes.sonarProperties .Values.ApplicationNodes.sonarSecretProperties }} + {{- if or .Values.sonarProperties .Values.sonarSecretProperties }} - mountPath: {{ .Values.sonarqubeFolder }}/conf/sonar.properties subPath: sonar.properties name: concat-dir + {{- else if .Values.sonarProperties }} + - mountPath: {{ .Values.sonarqubeFolder }}/conf/sonar.properties + subPath: sonar.properties + name: config {{- end }} {{- if .Values.sonarSecretKey }} - mountPath: {{ .Values.sonarqubeFolder }}/secret/ diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml index ae2ca7a2d..8efd166ca 100644 --- a/charts/sonarqube-dce/values.yaml +++ b/charts/sonarqube-dce/values.yaml @@ -5,7 +5,7 @@ searchNodes: image: repository: sonarqube - tag: 9.6.0-datacenter-search + tag: 9.6.1-datacenter-search pullPolicy: IfNotPresent # If using a private repository, the imagePullSecrets to use # pullSecrets: @@ -242,7 +242,7 @@ ApplicationNodes: ## Values to add to SONAR_CE_JAVAOPTS jvmCeOpts: "" - # Set this value with a HS256 key encoded with base64. You can generate a key using the following command on a Unix system: echo -n "your_secret" | openssl dgst -sha256 -hmac "your_key" -binary | base64 + # SONAR_AUTH_JWTBASE64HS256SECRET jwtSecret: "" # can use existing secret with SONAR_AUTH_JWTBASE64HS256SECRET as key # existingJwtSecret: "" @@ -311,7 +311,7 @@ ingress: # traffic-type: external # traffic-type: internal tls: [] - # Secrets must be manually created in the namespace. To generate a self-signed certificate (and private key) and then create the secret in the cluster please refer to official documentation available at https://kubernetes.github.io/ingress-nginx/user-guide/tls/#tls-secrets + # Secrets must be manually created in the namespace. # - secretName: chart-example-tls # hosts: # - chart-example.local @@ -549,12 +549,8 @@ extraConfig: configmaps: [] # account: -# The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin") # adminPassword: admin # currentAdminPassword: admin -# The above values can be also provided by a secret that contains "password" and "currentPassword" as keys. You can generate such a secret in your cluster -# using "kubectl create secret generic admin-password-secret-name --from-literal=password=admin --from-literal=currentPassword=admin" -# adminPasswordSecretName: "" # resources: # limits: # cpu: 100m diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md index a92a5c088..2828e629b 100644 --- a/charts/sonarqube/CHANGELOG.md +++ b/charts/sonarqube/CHANGELOG.md @@ -1,20 +1,8 @@ # SonarQube Chart Changelog All changes to this chart will be documented in this file. -## [5.0.5] -* Add the possibility of using a secret for customizing the admin password - -## [5.0.4] -* Add documentation for sonarProperties and sonarSecretProperties - -## [5.0.3] -* Bump apiVersion to v2 - -## [5.0.2] -* Set the number of allowed replicas to 0 and 1 - -## [5.0.1] -* Add documentation for ingress tls +## [5.0.6] +* Updated SonarQube to 9.6.1 ## [5.0.0] * Updated SonarQube to 9.6.0 diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml index 691fc054f..cc9a43647 100644 --- a/charts/sonarqube/Chart.yaml +++ b/charts/sonarqube/Chart.yaml @@ -1,9 +1,8 @@ -apiVersion: v2 +apiVersion: v1 name: sonarqube description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow. -type: application -version: 5.0.5 -appVersion: 9.6.0 +version: 5.0.6 +appVersion: 9.6.1 keywords: - coverage - security @@ -26,17 +25,8 @@ annotations: url: https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube artifacthub.io/changes: | - kind: changed - description: "Updated SonarQube to 9.6.0" + description: "Updated SonarQube to 9.6.1" artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/images: | - name: sonarqube - image: sonarqube:9.6.0-community -dependencies: - - name: postgresql - version: 10.15.0 - repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled - - name: ingress-nginx - version: 4.0.13 - repository: https://kubernetes.github.io/ingress-nginx - condition: nginx.enabled + image: sonarqube:9.6.1-community diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md index 5e9467444..2d76ba2c0 100644 --- a/charts/sonarqube/README.md +++ b/charts/sonarqube/README.md @@ -118,7 +118,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | Parameter | Description | Default | | --------- | ----------- | ------- | | `deploymentType` | Deployment Type (supported values are `StatefulSet` or `Deployment`) | `StatefulSet` | -| `replicaCount` | Number of replicas deployed (supported values are 0 and 1) | `1` | +| `replicaCount` | Number of replicas deployed | `1` | | `deploymentStrategy` | Deployment strategy | `{}` | | `priorityClassName` | Schedule pods on priority (e.g. `high-priority`) | `None` | | `schedulerName` | Kubernetes scheduler name | `None` | @@ -287,8 +287,8 @@ The following table lists the configurable parameters of the Sonarqube chart and | `jvmOpts` | Values to add to SONARQUBE_WEB_JVM_OPTS | `""` | | `jvmCeOpts` | Values to add to SONAR_CE_JAVAOPTS | `""` | | `sonarqubeFolder` | Directory name of Sonarqube | `/opt/sonarqube` | -| `sonarProperties` | Custom `sonar.properties` key-value pairs (e.g., "sonarProperties.sonar.forceAuthentication=true") | `None` | -| `sonarSecretProperties` | Additional `sonar.properties` key-value pairs to load from a secret | `None` | +| `sonarProperties` | Custom `sonar.properties` file | `None` | +| `sonarSecretProperties` | Additional `sonar.properties` file to load from a secret | `None` | | `sonarSecretKey` | Name of existing secret used for settings encryption | `None` | | `monitoringPasscode` | Value for sonar.web.systemPasscode. needed for LivenessProbes | `define_it` | | `extraContainers` | Array of extra containers to run alongside the `sonarqube` container (aka. Sidecars) | `[]` | @@ -384,7 +384,6 @@ The following table lists the configurable parameters of the Sonarqube chart and | --------- | ----------- | ------- | | `account.adminPassword` | Custom admin password | `admin` | | `account.currentAdminPassword` | Current admin password | `admin` | -| `account.adminPasswordSecretName` | Secret containing `password` (custom password) and `currentPassword` (current password) keys for admin | `None` | | `account.resources.requests.memory` | Memory request for Admin hook | `128Mi` | | `account.resources.requests.cpu` | CPU request for Admin hook | `100m` | | `account.resources.limits.memory` | Memory limit for Admin hook | `128Mi` | diff --git a/charts/sonarqube/requirements.yaml b/charts/sonarqube/requirements.yaml new file mode 100644 index 000000000..c3ac9df1c --- /dev/null +++ b/charts/sonarqube/requirements.yaml @@ -0,0 +1,9 @@ +dependencies: +- name: postgresql + version: 10.15.0 + repository: https://charts.bitnami.com/bitnami + condition: postgresql.enabled +- name: ingress-nginx + version: 4.0.13 + repository: https://kubernetes.github.io/ingress-nginx + condition: nginx.enabled \ No newline at end of file diff --git a/charts/sonarqube/templates/change-admin-password-hook.yml b/charts/sonarqube/templates/change-admin-password-hook.yml index b7dc10651..5fdd836e1 100644 --- a/charts/sonarqube/templates/change-admin-password-hook.yml +++ b/charts/sonarqube/templates/change-admin-password-hook.yml @@ -1,5 +1,5 @@ {{- if .Values.account }} -{{- if or .Values.account.adminPassword .Values.account.adminPasswordSecretName}} +{{- if .Values.account.adminPassword }} apiVersion: batch/v1 kind: Job metadata: @@ -61,20 +61,12 @@ spec: - name: ADMIN_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.account.adminPassword }} name: {{ template "sonarqube.fullname" . }}-admin-password - {{- else }} - name: {{ .Values.account.adminPasswordSecretName }} - {{- end }} key: password - name: CURRENT_ADMIN_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.account.adminPassword }} name: {{ template "sonarqube.fullname" . }}-admin-password - {{- else }} - name: {{ .Values.account.adminPasswordSecretName }} - {{- end }} key: currentPassword resources: {{ toYaml (default .Values.resources .Values.account.resources) | indent 10 }} diff --git a/charts/sonarqube/templates/sonarqube-sts.yaml b/charts/sonarqube/templates/sonarqube-sts.yaml index 4efc1f6a8..60b39f724 100644 --- a/charts/sonarqube/templates/sonarqube-sts.yaml +++ b/charts/sonarqube/templates/sonarqube-sts.yaml @@ -15,7 +15,7 @@ metadata: app.kubernetes.io/component: {{ template "sonarqube.fullname" . }} app.kubernetes.io/version: {{ tpl .Values.image.tag . | quote }} spec: - replicas: {{ .Values.replicaCount }} + replicas: 1 serviceName: {{ template "sonarqube.fullname" . }} selector: matchLabels: diff --git a/charts/sonarqube/values.schema.json b/charts/sonarqube/values.schema.json deleted file mode 100644 index 3a2f06133..000000000 --- a/charts/sonarqube/values.schema.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "$schema": "http://json-schema.org/draft-07/schema", - "required": [ - "replicaCount" - ], - "properties": { - "replicaCount": { - "type": "integer", - "enum": [0, 1] - } - } - } \ No newline at end of file diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml index 63c4817ef..8d7afbdf7 100644 --- a/charts/sonarqube/values.yaml +++ b/charts/sonarqube/values.yaml @@ -2,13 +2,13 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -# If the deployment Type is set to Deployment sonarqube is deployed as a replica set. deploymentType: "StatefulSet" -# There should not be more than 1 sonarqube instance connected to the same database. Please set this value to 1 or 0 (in case you need to scale down programmatically). +# If the deployment Type is set to Deployment sonarqube is deployed as a replica set +# There should not be more than 1 sonarqube instance connected to the same database replicaCount: 1 -# This will use the default deployment strategy unless it is overriden + # This will use the default deployment strategy unless it is overriden deploymentStrategy: {} # Uncomment this to scheduler pods on priority # priorityClassName: "high-priority" @@ -27,7 +27,7 @@ edition: "community" image: repository: sonarqube - tag: 9.6.0-{{ .Values.edition }} + tag: 9.6.1-{{ .Values.edition }} pullPolicy: IfNotPresent # If using a private repository, the imagePullSecrets to use # pullSecrets: @@ -103,7 +103,7 @@ ingress: # traffic-type: external # traffic-type: internal tls: [] - # Secrets must be manually created in the namespace. To generate a self-signed certificate (and private key) and then create the secret in the cluster please refer to official documentation available at https://kubernetes.github.io/ingress-nginx/user-guide/tls/#tls-secrets + # Secrets must be manually created in the namespace. # - secretName: chart-example-tls # hosts: # - chart-example.local @@ -498,12 +498,8 @@ extraConfig: configmaps: [] # account: -# The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin") # adminPassword: admin # currentAdminPassword: admin -# The above values can be also provided by a secret that contains "password" and "currentPassword" as keys. You can generate such a secret in your cluster -# using "kubectl create secret generic admin-password-secret-name --from-literal=password=admin --from-literal=currentPassword=admin" -# adminPasswordSecretName: "" # securityContext: {} # resources: # limits: