DOCKER-80 add the possibility of using a secret for customizing the a…

…dmin password (#251)
SonarSource · Aug 26, 2022 · 2a3bed2 · 2a3bed2
1 parent c2f4120
commit 2a3bed2
Show file tree

Hide file tree

Showing 10 changed files with 36 additions and 4 deletions.
diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md
@@ -1,6 +1,9 @@
 # SonarQube Chart Changelog
 All changes to this chart will be documented in this file.
 
+## [4.0.5]
+* Add the possibility of using a secret for customizing the admin password
+
 ## [4.0.4]
 * Remove unreachable condition and fix the right values for sonarProperties and sonarSecretProperties
 

diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sonarqube-dce
 description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow.
 type: application
-version: 4.0.4
+version: 4.0.5
 appVersion: 9.6.0
 keywords:
   - coverage

diff --git a/charts/sonarqube-dce/README.md b/charts/sonarqube-dce/README.md
@@ -396,6 +396,7 @@ The following table lists the configurable parameters of the Sonarqube chart and
 | `logging.jsonOutput` | Enable/Disable logging in JSON format | `false` |
 | `account.adminPassword` | Custom new admin password | `admin` |
 | `account.currentAdminPassword` | Current admin password | `admin` |
+| `account.adminPasswordSecretName` | Secret containing `password` (custom password) and `currentPassword` (current password) keys for admin | `None` |
 | `account.resources.requests.memory` | Memory request for Admin hook | `128Mi` |
 | `account.resources.requests.cpu` | CPU request for Admin hook | `100m` |
 | `account.resources.limits.memory` | Memory limit for Admin hook | `128Mi` |

diff --git a/charts/sonarqube-dce/templates/change-admin-password-hook.yml b/charts/sonarqube-dce/templates/change-admin-password-hook.yml
@@ -1,5 +1,5 @@
 {{- if .Values.account }}
-{{- if .Values.account.adminPassword }}
+{{- if or .Values.account.adminPassword .Values.account.adminPasswordSecretName}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -57,12 +57,20 @@ spec:
         - name: ADMIN_PASSWORD
           valueFrom:
             secretKeyRef:
+              {{- if .Values.account.adminPassword }}
               name: {{ template "sonarqube.fullname" . }}-admin-password
+              {{- else }}
+              name: {{ .Values.account.adminPasswordSecretName }}
+              {{- end }}
               key: password
         - name: CURRENT_ADMIN_PASSWORD
           valueFrom:
             secretKeyRef:
+              {{- if .Values.account.adminPassword }}
               name: {{ template "sonarqube.fullname" . }}-admin-password
+              {{- else }}
+              name: {{ .Values.account.adminPasswordSecretName }}
+              {{- end }}
               key: currentPassword
         resources:
 {{ toYaml (default .Values.resources .Values.account.resources) | indent 10 }}

diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml
@@ -549,8 +549,12 @@ extraConfig:
   configmaps: []
 
 # account:
+# The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin")
 #   adminPassword: admin
 #   currentAdminPassword: admin
+# The above values can be also provided by a secret that contains "password" and "currentPassword" as keys. You can generate such a secret in your cluster
+# using "kubectl create secret generic admin-password-secret-name --from-literal=password=admin --from-literal=currentPassword=admin"
+#   adminPasswordSecretName: ""
 #   resources:
 #     limits:
 #       cpu: 100m

diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
@@ -1,6 +1,9 @@
 # SonarQube Chart Changelog
 All changes to this chart will be documented in this file.
 
+## [5.0.5]
+* Add the possibility of using a secret for customizing the admin password
+
 ## [5.0.4]
 * Add documentation for sonarProperties and sonarSecretProperties
 

diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sonarqube
 description: SonarQube offers Code Quality and Code Security analysis for up to 27 languages. Find Bugs, Vulnerabilities, Security Hotspots and Code Smells throughout your workflow.
 type: application
-version: 5.0.4
+version: 5.0.5
 appVersion: 9.6.0
 keywords:
   - coverage

diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md
@@ -384,6 +384,7 @@ The following table lists the configurable parameters of the Sonarqube chart and
 | --------- | ----------- | ------- |
 | `account.adminPassword` | Custom admin password | `admin` |
 | `account.currentAdminPassword` | Current admin password | `admin` |
+| `account.adminPasswordSecretName` | Secret containing `password` (custom password) and `currentPassword` (current password) keys for admin | `None` |
 | `account.resources.requests.memory` | Memory request for Admin hook | `128Mi` |
 | `account.resources.requests.cpu` | CPU request for Admin hook | `100m` |
 | `account.resources.limits.memory` | Memory limit for Admin hook | `128Mi` |

diff --git a/charts/sonarqube/templates/change-admin-password-hook.yml b/charts/sonarqube/templates/change-admin-password-hook.yml
@@ -1,5 +1,5 @@
 {{- if .Values.account }}
-{{- if .Values.account.adminPassword }}
+{{- if or .Values.account.adminPassword .Values.account.adminPasswordSecretName}}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -61,12 +61,20 @@ spec:
         - name: ADMIN_PASSWORD
           valueFrom:
             secretKeyRef:
+              {{- if .Values.account.adminPassword }}
               name: {{ template "sonarqube.fullname" . }}-admin-password
+              {{- else }}
+              name: {{ .Values.account.adminPasswordSecretName }}
+              {{- end }}
               key: password
         - name: CURRENT_ADMIN_PASSWORD
           valueFrom:
             secretKeyRef:
+              {{- if .Values.account.adminPassword }}
               name: {{ template "sonarqube.fullname" . }}-admin-password
+              {{- else }}
+              name: {{ .Values.account.adminPasswordSecretName }}
+              {{- end }}
               key: currentPassword
         resources:
 {{ toYaml (default .Values.resources .Values.account.resources) | indent 10 }}

diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml
@@ -498,8 +498,12 @@ extraConfig:
   configmaps: []
 
 # account:
+# The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin")
 #   adminPassword: admin
 #   currentAdminPassword: admin
+# The above values can be also provided by a secret that contains "password" and "currentPassword" as keys. You can generate such a secret in your cluster
+# using "kubectl create secret generic admin-password-secret-name --from-literal=password=admin --from-literal=currentPassword=admin"
+#   adminPasswordSecretName: ""
 #   securityContext: {}
 #   resources:
 #     limits: