Skip to content

sonarqube values.yaml📜

replicaCount📜

Type: int

Default value
1

sso.enabled📜

Type: bool

Default value
false

sso.name📜

Type: string

Default value
""

sso.applicationid📜

Type: string

Default value
""

sso.providerid📜

Type: string

Default value
""

sso.loginUrl📜

Type: string

Default value
""

sso.secured📜

Type: string

Default value
""

sso.serverBaseURL📜

Type: string

Default value
""

sso.idpmetadataurl📜

Type: string

Default value
""

sso.image📜

Type: string

Default value
""

sso.resources.limits.cpu📜

Type: string

Default value
"100m"

sso.resources.limits.memory📜

Type: string

Default value
"256Mi"

sso.resources.requests.cpu📜

Type: string

Default value
"100m"

sso.resources.requests.memory📜

Type: string

Default value
"256Mi"

sso.containerSecurityContext.enabled📜

Type: bool

Default value
true

sso.containerSecurityContext.fsGroup📜

Type: int

Default value
26

sso.containerSecurityContext.runAsUser📜

Type: int

Default value
26

sso.containerSecurityContext.runAsGroup📜

Type: int

Default value
26

sso.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream📜

Type: object

Default value
community:
  buildNumber: 25.8.0.112029
  enabled: true
containerSecurityContext:
  capabilities:
    drop:
    - ALL
  runAsGroup: 1000
env:
- name: JDK_JAVA_OPTIONS
  value: -Dcom.redhat.fips=false
fullnameOverride: sonarqube-sonarqube
image:
  pullSecrets: []
  repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube-community-build
  tag: 25.8.0.112029-community
initContainers:
  image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
  readOnlyRootFilesystem: true
  resources:
    limits:
      cpu: 50m
      memory: 300Mi
    requests:
      cpu: 50m
      memory: 300Mi
  securityContext:
    runAsGroup: 1000
initFs:
  enabled: false
initSysctl:
  enabled: false
  securityContext:
    capabilities:
      drop:
      - ALL
livenessProbe:
  exec:
    command:
    - sh
    - -c
    - 'curl --silent --fail --output /dev/null --max-time {{ .Values.livenessProbe.timeoutSeconds
      | default 1 }} --header "X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" "http://localhost:{{
      .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext | default
      (include "sonarqube.webcontext" .) }}api/system/liveness"

      '
monitoringPasscode: define_it
nginx:
  enabled: false
persistence:
  size: 20Gi
plugins:
  image: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube-community-build:25.8.0.112029-community
postgresql:
  auth:
    database: sonarDB
    enablePostgresUser: true
    password: sonarPass
    username: sonarUser
  enabled: true
  image:
    pullSecrets:
    - private-registry
    registry: registry1.dso.mil
    repository: ironbank/opensource/postgres/postgresql
    tag: '16.2'
  postgresqlDatabase: sonarDB
  postgresqlPassword: sonarPass
  postgresqlUsername: sonarUser
  primary:
    extraEnvVars:
    - name: POSTGRES_DB
      value: sonarDB
    extraVolumeMounts:
    - mountPath: /var/run/postgresql
      name: runtime
    extraVolumes:
    - emptyDir: {}
      name: runtime
    persistence:
      mountPath: /var/lib/postgresql
      size: 20Gi
prometheusExporter:
  image: registry1.dso.mil/ironbank/opensource/prometheus/jmx-exporter:1.0.1
readinessProbe:
  exec:
    command:
    - sh
    - -c
    - "#!/bin/bash
# A Sonarqube container is considered ready if the status is UP,\
      \ DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are\
      \ added to prevent the node to be kill while sonarqube is upgrading the database.
\
      if curl -s http://localhost:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext\
      \ | default (include \"sonarqube.webcontext\" .) }}api/system/status | grep\
      \ -q -e '\"status\":\"UP\"' -e '\"status\":\"DB_MIGRATION_NEEDED\"' -e '\"status\"\
      :\"DB_MIGRATION_RUNNING\"'; then
  exit 0
fi
exit 1
"
  timeoutSeconds: 90
resources:
  limits:
    cpu: 1000m
  requests:
    cpu: 500m
securityContext:
  fsGroup: 1000
  runAsGroup: 1000
  runAsUser: 1000
serviceAccount:
  create: true
sonarProperties:
  sonar.ce.javaAdditionalOpts: -Dcom.redhat.fips=false
  sonar.forceAuthentication: true
  sonar.search.javaAdditionalOpts: -Dcom.redhat.fips=false
  sonar.web.javaAdditionalOpts: -Dcom.redhat.fips=false
tests:
  enabled: false
  image: bitnami/minideb-extras
  resources: {}
waitForDb:
  image: registry1.dso.mil/ironbank/opensource/postgres/postgresql:16.2

Description: We are exposing only the keys that BigBang overrides from the upstream chart. Please refer to the upstream chart for other value configs.

curlContainerImage📜

Type: string

Default value
"registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.6"

domain📜

Type: string

Default value
"dev.bigbang.mil"

istio.enabled📜

Type: bool

Default value
false

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.hardened.tempo.enabled📜

Type: bool

Default value
true

istio.hardened.tempo.namespaces[0]📜

Type: string

Default value
"tempo"

istio.hardened.tempo.principals[0]📜

Type: string

Default value
"cluster.local/ns/tempo/sa/tempo-tempo"

istio.hardened.monitoring.enabled📜

Type: bool

Default value
true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default argocd peer authentication

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

istio.sonarqube.enabled📜

Type: bool

Default value
true

istio.sonarqube.annotations📜

Type: object

Default value
{}

istio.sonarqube.labels📜

Type: object

Default value
{}

istio.sonarqube.gateways[0]📜

Type: string

Default value
"istio-system/main"

istio.sonarqube.hosts[0]📜

Type: string

Default value
"sonarqube.{{ .Values.domain }}"

istio.injection📜

Type: string

Default value
"disabled"

monitoring.enabled📜

Type: bool

Default value
false

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.ingressLabels.app📜

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

networkPolicies.egressHttps.enabled📜

Type: bool

Default value
true

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://sonarqube-sonarqube:9000"

bbtests.cypress.envs.cypress_url_setup📜

Type: string

Default value
"http://sonarqube-sonarqube:9000/setup"

bbtests.cypress.envs.cypress_user📜

Type: string

Default value
"admin"

bbtests.cypress.envs.cypress_password📜

Type: string

Default value
"admin"

bbtests.cypress.envs.cypress_new_password📜

Type: string

Default value
"New_admin_password!2"

bbtests.cypress.envs.cypress_timeout📜

Type: string

Default value
"10000"