sonarqube values.yaml📜
replicaCount📜
Type: int
1
sso.enabled📜
Type: bool
false
sso.name📜
Type: string
""
sso.applicationid📜
Type: string
""
sso.providerid📜
Type: string
""
sso.loginUrl📜
Type: string
""
sso.secured📜
Type: string
""
sso.serverBaseURL📜
Type: string
""
sso.idpmetadataurl📜
Type: string
""
sso.image📜
Type: string
""
sso.resources.limits.cpu📜
Type: string
"100m"
sso.resources.limits.memory📜
Type: string
"256Mi"
sso.resources.requests.cpu📜
Type: string
"100m"
sso.resources.requests.memory📜
Type: string
"256Mi"
sso.containerSecurityContext.enabled📜
Type: bool
true
sso.containerSecurityContext.fsGroup📜
Type: int
26
sso.containerSecurityContext.runAsUser📜
Type: int
26
sso.containerSecurityContext.runAsGroup📜
Type: int
26
sso.containerSecurityContext.capabilities.drop[0]📜
Type: string
"ALL"
upstream📜
Type: object
community:
  buildNumber: 25.10.0.114319
  enabled: true
containerSecurityContext:
  capabilities:
    drop:
    - ALL
  runAsGroup: 1000
env:
- name: JDK_JAVA_OPTIONS
  value: -Dcom.redhat.fips=false
fullnameOverride: sonarqube-sonarqube
image:
  pullSecrets: []
  repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube-community-build
  tag: 25.10.0.114319-community
initContainers:
  image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
  readOnlyRootFilesystem: true
  resources:
    limits:
      cpu: 50m
      memory: 300Mi
    requests:
      cpu: 50m
      memory: 300Mi
  securityContext:
    runAsGroup: 1000
initFs:
  enabled: false
initSysctl:
  enabled: false
  securityContext:
    capabilities:
      drop:
      - ALL
livenessProbe:
  exec:
    command:
    - sh
    - -c
    - 'curl --silent --fail --output /dev/null --max-time {{ .Values.livenessProbe.timeoutSeconds
      \| default 1 }} --header "X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE"
      "http://localhost:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext
      \| default (include "sonarqube.webcontext" .) }}api/system/liveness"
      '
monitoringPasscode: define_it
nameOverride: sonarqube
nginx:
  enabled: false
persistence:
  size: 20Gi
plugins:
  image: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube-community-build:25.8.0.112029-community
postgresql:
  auth:
    database: sonarDB
    enablePostgresUser: true
    password: sonarPass
    username: sonarUser
  enabled: true
  image:
    pullSecrets:
    - private-registry
    registry: registry1.dso.mil
    repository: ironbank/opensource/postgres/postgresql
    tag: '16.2'
  postgresqlDatabase: sonarDB
  postgresqlPassword: sonarPass
  postgresqlUsername: sonarUser
  primary:
    extraEnvVars:
    - name: POSTGRES_DB
      value: sonarDB
    extraVolumeMounts:
    - mountPath: /var/run/postgresql
      name: runtime
    extraVolumes:
    - emptyDir: {}
      name: runtime
    persistence:
      mountPath: /var/lib/postgresql
      size: 20Gi
prometheusExporter:
  downloadURL: file:///opt/jmx_exporter/jmx_prometheus_javaagent-1.0.1.jar
  image: registry1.dso.mil/ironbank/opensource/prometheus/jmx-exporter:1.0.1
readinessProbe:
  exec:
    command:
    - sh
    - -c
    - "#!/bin/bash
# A Sonarqube container is considered ready if the status is UP,\
      \ DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are\
      \ added to prevent the node to be kill while sonarqube is upgrading the database.
\
      if curl -s http://localhost:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext\
      \ \\| default (include \"sonarqube.webcontext\" .) }}api/system/status\
      \ \\| grep -q -e '\"status\":\"UP\"' -e '\"status\":\"DB_MIGRATION_NEEDED\"\
      ' -e '\"status\":\"DB_MIGRATION_RUNNING\"'; then
  exit 0
fi
exit 1
"
  timeoutSeconds: 90
resources:
  limits:
    cpu: 1000m
  requests:
    cpu: 500m
securityContext:
  fsGroup: 1000
  runAsGroup: 1000
  runAsUser: 1000
serviceAccount:
  create: true
sonarProperties:
  sonar.ce.javaAdditionalOpts: -Dcom.redhat.fips=false
  sonar.forceAuthentication: true
  sonar.search.javaAdditionalOpts: -Dcom.redhat.fips=false
  sonar.web.javaAdditionalOpts: -Dcom.redhat.fips=false
tests:
  enabled: false
  image: bitnami/minideb-extras
  resources: {}
waitForDb:
  image: registry1.dso.mil/ironbank/opensource/postgres/postgresql:16.2
Description: We are exposing only the keys that BigBang overrides from the upstream chart. Please refer to the upstream chart for other value configs.
curlContainerImage📜
Type: string
"registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.6"
domain📜
Type: string
"dev.bigbang.mil"
istio.enabled📜
Type: bool
false
istio.hardened.enabled📜
Type: bool
false
istio.hardened.customAuthorizationPolicies📜
Type: list
[]
istio.hardened.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
istio.hardened.customServiceEntries📜
Type: list
[]
istio.hardened.tempo.enabled📜
Type: bool
true
istio.hardened.tempo.namespaces[0]📜
Type: string
"tempo"
istio.hardened.tempo.principals[0]📜
Type: string
"cluster.local/ns/tempo/sa/tempo-tempo"
istio.hardened.monitoring.enabled📜
Type: bool
true
istio.hardened.monitoring.namespaces[0]📜
Type: string
"monitoring"
istio.hardened.monitoring.principals[0]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.monitoring.principals[1]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.monitoring.principals[2]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.monitoring.principals[3]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.monitoring.principals[4]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.monitoring.principals[5]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.mtls📜
Type: object
mode: STRICT
Description: Default argocd peer authentication
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.sonarqube.enabled📜
Type: bool
true
istio.sonarqube.annotations📜
Type: object
{}
istio.sonarqube.labels📜
Type: object
{}
istio.sonarqube.gateways[0]📜
Type: string
"istio-system/main"
istio.sonarqube.hosts[0]📜
Type: string
"sonarqube.{{ .Values.domain }}"
istio.injection📜
Type: string
"disabled"
monitoring.enabled📜
Type: bool
false
networkPolicies.enabled📜
Type: bool
false
networkPolicies.ingressLabels.app📜
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio📜
Type: string
"ingressgateway"
networkPolicies.egressHttps.enabled📜
Type: bool
true
networkPolicies.additionalPolicies📜
Type: list
[]
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://sonarqube-sonarqube:9000"
bbtests.cypress.envs.cypress_url_setup📜
Type: string
"http://sonarqube-sonarqube:9000/setup"
bbtests.cypress.envs.cypress_user📜
Type: string
"admin"
bbtests.cypress.envs.cypress_password📜
Type: string
"admin"
bbtests.cypress.envs.cypress_new_password📜
Type: string
"New_admin_password!2"
bbtests.cypress.envs.cypress_timeout📜
Type: string
"10000"