Sonarqube 8.3 Community version [Version 8.3.1 (build 34397)] with auth oidc 2.0.0 pluginπ
Table Of Contentsπ
- Application Overview
- Usage
- Integrations
- Prometheus
- ECK
- Keycloak
- Party Bus
- Troubleshooting Tips
Application Overviewπ
This repo contains manifests to deploy Sonarqube static code analysis tool into a Kubernetes cluster. Additional docs for using Sonarqube and its plugins can be found at https://docs.sonarqube.org/latest/
Usageπ
Deployment Notesπ
Please note the settings applied in the file “sonar.properties” since they override any settings applied through the UI. Documentation can be found here with additional properties shown in the Sonarqube instance’s settings page.
:warning: Sonarqube’s UI may not display the true value for settings applied through “sonar.properties”
sonar.es.bootstrap.checks.disable=true βΒ Disables enforcement of Elasticsearch and system setting checks.
sonar.forceAuthentication=true β Restricts anonymous users from browsing the SonarQube instance, either through the API or the web service
Please also note that appropriate secrets (listed below) should be defined before the sonarqube pod is able to connect to the postgres database and is able to function properly. Sonarqube needs three environment variables to access the postgres database.
SONARQUBE_JDBC_URL - URL for the postgres database to use
SONARQUBE_JDBC_USERNAME - username to access the postgres database
SONARQUBE_JDBC_PASSWORD - password for the above user
These need to be added in as Kubernetes secrets and mounted into the sonarqube pod https://kubernetes.io/docs/concepts/configuration/secret/.
This BigBang chart has the following value fed in as a JDK_JAVA_OPTIONS environment variable in order to alleviate issues when running on FIPS enabled Kubernetes nodes: -Dcom.redhat.fips=false. If there is need to add in your own JDK_JAVA_OPTIONS flag ensure that that fips related flag is also present either before or after any other flags. Also if there is any other env value that is overridden into the chart please ensure you also add this YAML so the JDK_JAVA_OPTIONS variable is present in the deployment:
env:
  ...
  - name: JDK_JAVA_OPTIONS
    value: "-Dcom.redhat.fips=false"
Default Admin Credentialsπ
When installing SonarQube, a default user with administrator privileges is created automatically:
Login: admin Password: admin
For security reasons the administrator password should be changed. This can be done from the SonarQube dashboard by following these steps:
1)Log in to the SonarQube dashboard.
2)Under the βUser Nameβ dropdown menu in the upper right corner, click on βMy Accountβ.
3)Select the βSecurityβ tab.
4)Enter your old password and enter your new password twice to confirm the change.
5)Click the βChange passwordβ button.
Integrationsπ
Prometheus.mdπ
- Configuration items
- List of metrics gathered
- Useful queries [living list]
ECK.mdπ
- Configuration items
- Fluentd Pipelines
- Important Logs
- Useful queries [living list]
Keycloak.mdπ
- Configuration items
- Add new groups
- Claim information
- OiD / SAML application items
PartyBus.mdπ
- First time configuration
- OIDC integration
- Pipeline integration
Troubleshooting Tipsπ
Internal Postgres Chartπ
If performing a helm upgrade when moving beyond version 10.x of the postgresql subchart, you may encounter an error regarding being unable to modify the sonarqube-postgresql statefulset. Follow the instructions here: 10.x upgrade
If you encounter an error that the key ‘password’ does not exist in secret sonarqube-postgresql during a helm upgrade, modify the sonarqube-postgresql secret to have a key: password. The value for the password key should be the normal value contained in postgresql-password. Between versions 10.x and 15.x the postgresql-password has changed in spelling and purpose. The following one-liner can be used or modified to perform this operation: 
kubectl patch secret sonarqube-postgresql -n sonarqube -p='{"data":{"password":"'"$(kubectl get secret sonarqube-postgresql -n sonarqube -o jsonpath="{.data.postgresql-password}")"'"}}'