Created
March 11, 2021 09:10
-
-
Save mysticrenji/dd15e7c7b403b363875f67f4f7cb44f2 to your computer and use it in GitHub Desktop.
Sonarqube Helm Chart Values
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Default values for sonarqube. | |
# This is a YAML-formatted file. | |
# Declare variables to be passed into your templates. | |
replicaCount: 1 | |
# This will use the default deployment strategy unless it is overriden | |
deploymentStrategy: {} | |
# Uncomment this to scheduler pods on priority | |
# priorityClassName: "high-priority" | |
## Use an alternate scheduler, e.g. "stork". | |
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ | |
## | |
# schedulerName: | |
## Is this deployment for OpenShift? If so, we help with SCCs | |
OpenShift: | |
enabled: false | |
createSCC: true | |
image: | |
repository: sonarqube | |
tag: 8.5.1-community | |
pullPolicy: IfNotPresent | |
# If using a private repository, the name of the imagePullSecret to use | |
# pullSecret: my-repo-secret | |
# Set security context for sonarqube pod | |
securityContext: | |
fsGroup: 1000 | |
# Set security context for sonarqube container | |
containerSecurityContext: | |
# Sonarqube dockerfile creates sonarqube user as UID and GID 1000 | |
runAsUser: 1000 | |
# Settings to configure elasticsearch host requirements | |
elasticsearch: | |
# DEPRECATED: Use initSysctl.enabled instead | |
configureNode: true | |
bootstrapChecks: true | |
service: | |
type: LoadBalancer | |
externalPort: 80 | |
internalPort: 9000 | |
labels: | |
annotations: {} | |
# May be used in example for internal load balancing in GCP: | |
# cloud.google.com/load-balancer-type: Internal | |
# loadBalancerSourceRanges: | |
# - 0.0.0.0/0 | |
# loadBalancerIP: 1.2.3.4 | |
ingress: | |
enabled: false | |
# Used to create an Ingress record. | |
hosts: | |
- name: sonarqube-devops.southeastasia.cloudapp.azure.com | |
# Different clouds or configurations might need /* as the default path | |
path: /* | |
# For additional control over serviceName and servicePort | |
# serviceName: someService | |
# servicePort: somePort | |
annotations: | |
kubernetes.io/ingress.class: nginx | |
ingress.kubernetes.io/proxy-body-size: "20M" | |
nginx.ingress.kubernetes.io/ssl-redirect: "true" | |
nginx.ingress.kubernetes.io/proxy-body-size: "20m" | |
cert-manager.io/cluster-issuer: tls-secret | |
# kubernetes.io/tls-acme: "true" | |
# This property allows for reports up to a certain size to be uploaded to SonarQube | |
# nginx.ingress.kubernetes.io/proxy-body-size: "8m" | |
# Additional labels for Ingress manifest file | |
# labels: | |
# traffic-type: external | |
# traffic-type: internal | |
tls: | |
# Secrets must be manually created in the namespace. | |
- secretName: tls-secret | |
hosts: | |
- sonarqube-devops.southeastasia.cloudapp.azure.com | |
# Affinity for pod assignment | |
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity | |
affinity: {} | |
# Tolerations for pod assignment | |
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | |
tolerations: [] | |
# Node labels for pod assignment | |
# Ref: https://kubernetes.io/docs/user-guide/node-selection/ | |
nodeSelector: {} | |
# hostAliases allows the modification of the hosts file inside a container | |
hostAliases: [] | |
# - ip: "192.168.1.10" | |
# hostnames: | |
# - "example.com" | |
# - "www.example.com" | |
readinessProbe: | |
initialDelaySeconds: 60 | |
periodSeconds: 30 | |
failureThreshold: 6 | |
# If an ingress *path* other than the root (/) is defined, it should be reflected here | |
# A trailing "/" must be included | |
#sonarWebContext: / | |
# sonarWebContext: /sonarqube/ | |
livenessProbe: | |
initialDelaySeconds: 60 | |
periodSeconds: 30 | |
# If an ingress *path* other than the root (/) is defined, it should be reflected here | |
# A trailing "/" must be included | |
#sonarWebContext: /sonarqube/ | |
# sonarWebContext: /sonarqube/ | |
# If an ingress *path* is defined, it should be reflected here | |
# sonar.web.context: /sonarqube | |
initContainers: | |
# image: busybox:1.32 | |
# We allow the init containers to have a separate security context declaration because | |
# the initContainer may not require the same as SonarQube. | |
# securityContext: {} | |
# We allow the init containers to have a separate resources declaration because | |
# the initContainer does not take as much resources. | |
resources: {} | |
extraInitContainers: {} | |
# Extra init containers to e.g. download required artifacts | |
# - name: "prometheus-exporter-downloader" | |
# image: "busybox" | |
# imagePullPolicy: "IfNotPresent" | |
# securityContext: | |
# runAsNonRoot: true | |
# command: | |
# - wget | |
# - "-O" | |
# - "/downloads/jmx_prometheus_javaagent.jar" | |
# - ${JMX_EXPORTER_URL} | |
# volumeMounts: | |
# - name: "downloads" | |
# mountPath: "/downloads" | |
## Provide a secret containing one or more certificate files in the keys that will be added to cacerts | |
## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS and SONAR_CE_JAVAOPTS | |
## | |
# caCerts: | |
# image: adoptopenjdk/openjdk11:alpine | |
# secret: my-secret | |
initSysctl: | |
enabled: true | |
vmMaxMapCount: 524288 | |
fsFileMax: 131072 | |
nofile: 131072 | |
nproc: 8192 | |
# image: busybox:1.32 | |
securityContext: | |
privileged: true | |
# resources: {} | |
# List of plugins to install. | |
# For example: | |
# plugins: | |
# install: | |
# - "https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar" | |
# - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar" | |
plugins: | |
install: [] | |
lib: [] | |
# For use behind a corporate proxy when downloading plugins | |
# httpProxy: "" | |
# httpsProxy: "" | |
# noProxy: "" | |
# image: rjkernick/alpine-wget:latest | |
# resources: {} | |
# .netrc secret file with a key "netrc" to use basic auth while downloading plugins | |
# netrcCreds: "" | |
# Set to true to not validate the server's certificate to download plugin | |
noCheckCertificate: false | |
## Values to add to SONARQUBE_WEB_JVM_OPTS | |
## | |
# jvmOpts: "-Djava.net.preferIPv4Stack=true" | |
jvmOpts: "" | |
## Environment variables to attach to the pods | |
## | |
# env: | |
# - name: VARIABLE | |
# value: my-value | |
# Set annotations for pods | |
annotations: {} | |
resources: {} | |
# We usually recommend not to specify default resources and to leave this as a conscious | |
# choice for the user. This also increases chances charts run on environments with little | |
# resources, such as Minikube. If you do want to specify resources, uncomment the following | |
# lines, adjust them as necessary, and remove the curly braces after 'resources:'. | |
# limits: | |
# cpu: 100m | |
# memory: 128Mi | |
# requests: | |
# cpu: 100m | |
# memory: 128Mi | |
persistence: | |
enabled: true | |
## Set annotations on pvc | |
annotations: {} | |
## Specify an existing volume claim instead of creating a new one. | |
## When using this option all following options like storageClass, accessMode and size are ignored. | |
# existingClaim: | |
## If defined, storageClassName: <storageClass> | |
## If set to "-", storageClassName: "", which disables dynamic provisioning | |
## If undefined (the default) or set to null, no storageClassName spec is | |
## set, choosing the default provisioner. (gp2 on AWS, standard on | |
## GKE, AWS & OpenStack) | |
## | |
storageClass: default | |
accessMode: ReadWriteOnce | |
size: 20Gi | |
## Specify extra volumes. Refer to ".spec.volumes" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/ | |
volumes: [] | |
## Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/ | |
mounts: [] | |
# In case you want to specify different resources for emptyDir than {} | |
emptyDir: {} | |
# Example of resouces that might be used: | |
# medium: Memory | |
# sizeLimit: 16Mi | |
# A custom sonar.properties file can be provided via dictionary. | |
# For example: | |
# sonarProperties: | |
# sonar.forceAuthentication: true | |
# sonar.security.realm: LDAP | |
# ldap.url: ldaps://organization.com | |
# Additional sonar properties to load from a secret with a key "secret.properties" (must be a string) | |
# sonarSecretProperties: | |
# Kubernetes secret that contains the encryption key for the sonarqube instance. | |
# The secret must contain the key 'sonar-secret.txt'. | |
# The 'sonar.secretKeyPath' property will be set automatically. | |
# sonarSecretKey: "settings-encryption-secret" | |
## JDBC Database Type; by default postgresql. To use a different Database type, adjust | |
jdbcDatabaseType: postgresql | |
## Override JDBC URL | |
# jdbcUrlOverride: "jdbc:postgresql://myPostgress/myDatabase;socketTimeout=1500" | |
## Configuration values for postgresql dependency | |
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md | |
postgresql: | |
# Enable to deploy the PostgreSQL chart | |
enabled: true | |
# To use an external PostgreSQL instance, set enabled to false and uncomment | |
# the line below: | |
# postgresqlServer: "" | |
# To use an external secret for the password for an external PostgreSQL | |
# instance, set enabled to false and provide the name of the secret on the | |
# line below: | |
# existingSecret: "" | |
postgresqlUsername: "postgres" | |
postgresqlPassword: "Testing!1" | |
postgresqlDatabase: "sonarDB" | |
# Specify the TCP port that PostgreSQL should use | |
service: | |
port: 5432 | |
resources: | |
limits: | |
cpu: 2 | |
memory: 2Gi | |
requests: | |
cpu: 100m | |
memory: 200Mi | |
persistence: | |
enabled: true | |
accessMode: ReadWriteOnce | |
size: 20Gi | |
storageClass: default | |
securityContext: | |
# For standard Kubernetes deployment, set enabled=true | |
# If using OpenShift, enabled=false for restricted SCC and enabled=true for anyuid/nonroot SCC | |
enabled: true | |
# fsGroup and runAsUser specifications below are not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. | |
# postgresql dockerfile sets user as 1001 | |
fsGroup: 1001 | |
runAsUser: 1001 | |
volumePermissions: | |
# For standard Kubernetes deployment, set enabled=false | |
# For OpenShift, set enabled=true and ensure to set volumepermissions.securitycontext.runAsUser below. | |
enabled: false | |
# if using restricted SCC set runAsUser: "auto" and if running under anyuid/nonroot SCC - runAsUser needs to match runAsUser above | |
securityContext: | |
runAsUser: 0 | |
shmVolume: | |
chmod: | |
enabled: false | |
serviceAccount: | |
## If enabled = true, and name is not set, postgreSQL will create a serviceAccount | |
enabled: false | |
# name: | |
# Additional labels to add to the pods: | |
# podLabels: | |
# key: value | |
podLabels: {} | |
# For compatibility with 8.0 replace by "/opt/sq" | |
# For compatibility with 8.2, leave the default. They changed it back to /opt/sonarqube | |
sonarqubeFolder: /opt/sonarqube | |
tests: | |
enabled: true | |
# image: bitnami/minideb-extras | |
serviceAccount: | |
create: false | |
# name: | |
## Annotations for the Service Account | |
annotations: {} | |
# extraConfig is used to load Environment Variables from Secrets and ConfigMaps | |
# which may have been written by other tools, such as external orchestrators. | |
# | |
# These Secrets/ConfigMaps are expected to contain Key/Value pairs, such as: | |
# | |
# apiVersion: v1 | |
# kind: ConfigMap | |
# metadata: | |
# name: external-sonarqube-opts | |
# data: | |
# SONARQUBE_JDBC_USERNAME: foo | |
# SONARQUBE_JDBC_URL: jdbc:postgresql://db.example.com:5432/sonar | |
# | |
# These vars can then be injected into the environment by uncommenting the following: | |
# | |
# extraConfig: | |
# configmaps: | |
# - external-sonarqube-opts | |
extraConfig: | |
secrets: [] | |
configmaps: [] | |
# account: | |
# adminPassword: admin | |
# currentAdminPassword: admin | |
# curlContainerImage: curlimages/curl:latest | |
terminationGracePeriodSeconds: 60 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment