Sonarqube 8.3 Community version [Version 8.3.1 (build 34397)] with auth oidc 2.0.0 pluginπ
Table Of Contentsπ
- Application Overview
- Usage
- Integrations
- Prometheus
- ECK
- Keycloak
- Party Bus
- Troubleshooting Tips
Application Overviewπ
This repo contains manifests to deploy Sonarqube static code analysis tool into a Kubernetes cluster. Additional docs for using Sonarqube and its plugins can be found at https://docs.sonarqube.org/latest/
Usageπ
Deployment Notesπ
Please note the settings applied in the file “sonar.properties” since they override any settings applied through the UI. Documentation can be found here with additional properties shown in the Sonarqube instance’s settings page.
:warning: Sonarqube’s UI may not display the true value for settings applied through “sonar.properties”
sonar.es.bootstrap.checks.disable=true
βΒ Disables enforcement of Elasticsearch and system setting checks.
sonar.forceAuthentication=true
β Restricts anonymous users from browsing the SonarQube instance, either through the API or the web service
Please also note that appropriate secrets (listed below) should be defined before the sonarqube pod is able to connect to the postgres database and is able to function properly. Sonarqube needs three environment variables to access the postgres database.
SONARQUBE_JDBC_URL - URL for the postgres database to use
SONARQUBE_JDBC_USERNAME - username to access the postgres database
SONARQUBE_JDBC_PASSWORD - password for the above user
These need to be added in as Kubernetes secrets and mounted into the sonarqube pod https://kubernetes.io/docs/concepts/configuration/secret/.
This BigBang chart has the following value fed in as a JDK_JAVA_OPTIONS
environment variable in order to alleviate issues when running on FIPS enabled Kubernetes nodes: -Dcom.redhat.fips=false
. If there is need to add in your own JDK_JAVA_OPTIONS
flag ensure that that fips related flag is also present either before or after any other flags. Also if there is any other env value that is overridden into the chart please ensure you also add this YAML so the JDK_JAVA_OPTIONS
variable is present in the deployment:
env:
...
- name: JDK_JAVA_OPTIONS
value: "-Dcom.redhat.fips=false"
Default Admin Credentialsπ
When installing SonarQube, a default user with administrator privileges is created automatically:
Login: admin Password: admin
For security reasons the administrator password should be changed. This can be done from the SonarQube dashboard by following these steps:
1)Log in to the SonarQube dashboard.
2)Under the βUser Nameβ dropdown menu in the upper right corner, click on βMy Accountβ.
3)Select the βSecurityβ tab.
4)Enter your old password and enter your new password twice to confirm the change.
5)Click the βChange passwordβ button.
Integrationsπ
Prometheus.mdπ
- Configuration items
- List of metrics gathered
- Useful queries [living list]
ECK.mdπ
- Configuration items
- Fluentd Pipelines
- Important Logs
- Useful queries [living list]
Keycloak.mdπ
- Configuration items
- Add new groups
- Claim information
- OiD / SAML application items
PartyBus.mdπ
- First time configuration
- OIDC integration
- Pipeline integration