sonarqube values.yaml📜
replicaCount📜
Type: int
Default value
1
sso.enabled📜
Type: bool
Default value
false
sso.name📜
Type: string
Default value
""
sso.applicationid📜
Type: string
Default value
""
sso.providerid📜
Type: string
Default value
""
sso.loginUrl📜
Type: string
Default value
""
sso.secured📜
Type: string
Default value
""
sso.serverBaseURL📜
Type: string
Default value
""
sso.idpmetadataurl📜
Type: string
Default value
""
sso.image📜
Type: string
Default value
""
sso.resources.limits.cpu📜
Type: string
Default value
"100m"
sso.resources.limits.memory📜
Type: string
Default value
"256Mi"
sso.resources.requests.cpu📜
Type: string
Default value
"100m"
sso.resources.requests.memory📜
Type: string
Default value
"256Mi"
sso.containerSecurityContext.enabled📜
Type: bool
Default value
true
sso.containerSecurityContext.fsGroup📜
Type: int
Default value
26
sso.containerSecurityContext.runAsUser📜
Type: int
Default value
26
sso.containerSecurityContext.runAsGroup📜
Type: int
Default value
26
sso.containerSecurityContext.capabilities.drop[0]📜
Type: string
Default value
"ALL"
upstream📜
Type: object
Default value
community:
buildNumber: 25.10.0.114319
enabled: true
containerSecurityContext:
capabilities:
drop:
- ALL
runAsGroup: 1000
env:
- name: JDK_JAVA_OPTIONS
value: -Dcom.redhat.fips=false
fullnameOverride: sonarqube-sonarqube
image:
pullSecrets: []
repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube-community-build
tag: 25.10.0.114319-community
initContainers:
image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
readOnlyRootFilesystem: true
resources:
limits:
cpu: 50m
memory: 300Mi
requests:
cpu: 50m
memory: 300Mi
securityContext:
runAsGroup: 1000
initFs:
enabled: false
initSysctl:
enabled: false
securityContext:
capabilities:
drop:
- ALL
livenessProbe:
exec:
command:
- sh
- -c
- 'curl --silent --fail --output /dev/null --max-time {{ .Values.livenessProbe.timeoutSeconds
\| default 1 }} --header "X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE"
"http://localhost:{{ .Values.service.internalPort }}{{ .Values.livenessProbe.sonarWebContext
\| default (include "sonarqube.webcontext" .) }}api/system/liveness"
'
monitoringPasscode: define_it
nameOverride: sonarqube
nginx:
enabled: false
persistence:
size: 20Gi
plugins:
image: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube-community-build:25.8.0.112029-community
postgresql:
auth:
database: sonarDB
enablePostgresUser: true
password: sonarPass
username: sonarUser
enabled: true
image:
pullSecrets:
- private-registry
registry: registry1.dso.mil
repository: ironbank/opensource/postgres/postgresql
tag: '16.2'
postgresqlDatabase: sonarDB
postgresqlPassword: sonarPass
postgresqlUsername: sonarUser
primary:
extraEnvVars:
- name: POSTGRES_DB
value: sonarDB
extraVolumeMounts:
- mountPath: /var/run/postgresql
name: runtime
extraVolumes:
- emptyDir: {}
name: runtime
persistence:
mountPath: /var/lib/postgresql
size: 20Gi
prometheusExporter:
downloadURL: file:///opt/jmx_exporter/jmx_prometheus_javaagent-1.0.1.jar
image: registry1.dso.mil/ironbank/opensource/prometheus/jmx-exporter:1.0.1
readinessProbe:
exec:
command:
- sh
- -c
- "#!/bin/bash
# A Sonarqube container is considered ready if the status is UP,\
\ DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING
# status about migration are\
\ added to prevent the node to be kill while sonarqube is upgrading the database.
\
if curl -s http://localhost:{{ .Values.service.internalPort }}{{ .Values.readinessProbe.sonarWebContext\
\ \\| default (include \"sonarqube.webcontext\" .) }}api/system/status\
\ \\| grep -q -e '\"status\":\"UP\"' -e '\"status\":\"DB_MIGRATION_NEEDED\"\
' -e '\"status\":\"DB_MIGRATION_RUNNING\"'; then
exit 0
fi
exit 1
"
timeoutSeconds: 90
resources:
limits:
cpu: 1000m
requests:
cpu: 500m
securityContext:
fsGroup: 1000
runAsGroup: 1000
runAsUser: 1000
serviceAccount:
create: true
sonarProperties:
sonar.ce.javaAdditionalOpts: -Dcom.redhat.fips=false
sonar.forceAuthentication: true
sonar.search.javaAdditionalOpts: -Dcom.redhat.fips=false
sonar.web.javaAdditionalOpts: -Dcom.redhat.fips=false
tests:
enabled: false
image: bitnami/minideb-extras
resources: {}
waitForDb:
image: registry1.dso.mil/ironbank/opensource/postgres/postgresql:16.2
Description: We are exposing only the keys that BigBang overrides from the upstream chart. Please refer to the upstream chart for other value configs.
curlContainerImage📜
Type: string
Default value
"registry1.dso.mil/ironbank/redhat/ubi/ubi9:9.6"
domain📜
Type: string
Default value
"dev.bigbang.mil"
istio.enabled📜
Type: bool
Default value
false
istio.hardened.enabled📜
Type: bool
Default value
false
istio.hardened.customAuthorizationPolicies📜
Type: list
Default value
[]
istio.hardened.outboundTrafficPolicyMode📜
Type: string
Default value
"REGISTRY_ONLY"
istio.hardened.customServiceEntries📜
Type: list
Default value
[]
istio.hardened.tempo.enabled📜
Type: bool
Default value
true
istio.hardened.tempo.namespaces[0]📜
Type: string
Default value
"tempo"
istio.hardened.tempo.principals[0]📜
Type: string
Default value
"cluster.local/ns/tempo/sa/tempo-tempo"
istio.hardened.monitoring.enabled📜
Type: bool
Default value
true
istio.hardened.monitoring.namespaces[0]📜
Type: string
Default value
"monitoring"
istio.hardened.monitoring.principals[0]📜
Type: string
Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.monitoring.principals[1]📜
Type: string
Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.monitoring.principals[2]📜
Type: string
Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.monitoring.principals[3]📜
Type: string
Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.monitoring.principals[4]📜
Type: string
Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.monitoring.principals[5]📜
Type: string
Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.mtls📜
Type: object
Default value
mode: STRICT
Description: Default argocd peer authentication
istio.mtls.mode📜
Type: string
Default value
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.sonarqube.enabled📜
Type: bool
Default value
true
istio.sonarqube.annotations📜
Type: object
Default value
{}
istio.sonarqube.labels📜
Type: object
Default value
{}
istio.sonarqube.gateways[0]📜
Type: string
Default value
"istio-system/main"
istio.sonarqube.hosts[0]📜
Type: string
Default value
"sonarqube.{{ .Values.domain }}"
istio.injection📜
Type: string
Default value
"disabled"
monitoring.enabled📜
Type: bool
Default value
false
networkPolicies.enabled📜
Type: bool
Default value
false
networkPolicies.ingressLabels.app📜
Type: string
Default value
"istio-ingressgateway"
networkPolicies.ingressLabels.istio📜
Type: string
Default value
"ingressgateway"
networkPolicies.egressHttps.enabled📜
Type: bool
Default value
true
networkPolicies.additionalPolicies📜
Type: list
Default value
[]
bbtests.enabled📜
Type: bool
Default value
false
bbtests.cypress.artifacts📜
Type: bool
Default value
true
bbtests.cypress.envs.cypress_url📜
Type: string
Default value
"http://sonarqube-sonarqube:9000"
bbtests.cypress.envs.cypress_url_setup📜
Type: string
Default value
"http://sonarqube-sonarqube:9000/setup"
bbtests.cypress.envs.cypress_user📜
Type: string
Default value
"admin"
bbtests.cypress.envs.cypress_password📜
Type: string
Default value
"admin"
bbtests.cypress.envs.cypress_new_password📜
Type: string
Default value
"New_admin_password!2"
bbtests.cypress.envs.cypress_timeout📜
Type: string
Default value
"10000"