forked from SonarSource/helm-chart-sonarqube
-
Notifications
You must be signed in to change notification settings - Fork 0
/
values.yaml
417 lines (365 loc) · 12.9 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
# Default values for sonarqube.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
deploymentType: "StatefulSet"
# If the deployment Type is set to Deployment sonarqube is deployed as a replica set
# There should not be more than 1 sonarqube instance connected to the same database
replicaCount: 1
# This will use the default deployment strategy unless it is overriden
deploymentStrategy: {}
# Uncomment this to scheduler pods on priority
# priorityClassName: "high-priority"
## Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
# schedulerName:
## Is this deployment for OpenShift? If so, we help with SCCs
OpenShift:
enabled: false
createSCC: true
image:
repository: sonarqube
tag: 8.9.10-community
pullPolicy: IfNotPresent
# If using a private repository, the name of the imagePullSecret to use
# pullSecret: my-repo-secret
# Set security context for sonarqube pod
securityContext:
fsGroup: 1000
# Set security context for sonarqube container
containerSecurityContext:
# Sonarqube dockerfile creates sonarqube user as UID and GID 1000
runAsUser: 1000
# Settings to configure elasticsearch host requirements
elasticsearch:
# DEPRECATED: Use initSysctl.enabled instead
configureNode: true
bootstrapChecks: true
# also install the nginx ingress helm chart
nginx:
enabled: false
service:
type: ClusterIP
externalPort: 9000
internalPort: 9000
labels:
annotations: {}
# May be used in example for internal load balancing in GCP:
# cloud.google.com/load-balancer-type: Internal
# loadBalancerSourceRanges:
# - 0.0.0.0/0
# loadBalancerIP: 1.2.3.4
ingress:
enabled: false
# Used to create an Ingress record.
hosts:
- name: sonarqube.your-org.com
# Different clouds or configurations might need /* as the default path
path: /
# For additional control over serviceName and servicePort
# serviceName: someService
# servicePort: somePort
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# This property allows for reports up to a certain size to be uploaded to SonarQube
# nginx.ingress.kubernetes.io/proxy-body-size: "8m"
# Additional labels for Ingress manifest file
# labels:
# traffic-type: external
# traffic-type: internal
tls: []
# Secrets must be manually created in the namespace. To generate a self-signed certificate (and private key) and then create the secret in the cluster please refer to official documentation available at https://kubernetes.github.io/ingress-nginx/user-guide/tls/#tls-secrets
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
# taint a node with the following command to mark it as not schedulable for new pods
# kubectl taint nodes <node> sonarqube=true:NoSchedule
# The following statement will tolerate this taint and as such reverse a node for sonarqube
tolerations: []
# - key: "sonarqube"
# operator: "Equal"
# value: "true"
# effect: "NoSchedule"
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
# add a label to a node with the following command
# kubectl label node <node> sonarqube=true
nodeSelector: {}
# sonarqube: "true"
# hostAliases allows the modification of the hosts file inside a container
hostAliases: []
# - ip: "192.168.1.10"
# hostnames:
# - "example.com"
# - "www.example.com"
readinessProbe:
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 6
# If an ingress *path* other than the root (/) is defined, it should be reflected here
# A trailing "/" must be included
sonarWebContext: /
# sonarWebContext: /sonarqube/
livenessProbe:
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 6
# If an ingress *path* other than the root (/) is defined, it should be reflected here
# A trailing "/" must be included
sonarWebContext: /
# sonarWebContext: /sonarqube/
# If an ingress *path* is defined, it should be reflected here
# sonar.web.context: /sonarqube
startupProbe:
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 24
# If an ingress *path* other than the root (/) is defined, it should be reflected here
# A trailing "/" must be included
sonarWebContext: /
# sonarWebContext: /sonarqube/
initContainers:
# image: busybox:1.32
# We allow the init containers to have a separate security context declaration because
# the initContainer may not require the same as SonarQube.
# securityContext: {}
# We allow the init containers to have a separate resources declaration because
# the initContainer does not take as much resources.
resources: {}
extraInitContainers: {}
# Extra init containers to e.g. download required artifacts
## Provide a secret containing one or more certificate files in the keys that will be added to cacerts
## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS and SONAR_CE_JAVAOPTS
##
## caCerts:
# image: adoptopenjdk/openjdk11:alpine
# secret: your-secret
initSysctl:
enabled: true
vmMaxMapCount: 524288
fsFileMax: 131072
nofile: 131072
nproc: 8192
# image: busybox:1.32
securityContext:
privileged: true
# resources: {}
initFs:
enabeld: true
# image: busybox:1.32
securityContext:
privileged: true
prometheusExporter:
enabled: true
# jmx_prometheus_javaagent version to download from Maven Central
version: "0.15.0"
# Alternative full download URL for the jmx_prometheus_javaagent.jar (overrides prometheusExporter.version)
# downloadURL: ""
# if you need to ignore TLS certificates for whatever reason enable the following flag
noCheckCertificate: false
# Ports for the jmx prometheus agent to export metrics at
webBeanPort: 8000
ceBeanPort: 8001
config:
rules:
- pattern: ".*"
# Overrides config for the CE process Prometheus exporter (by default, the same rules are used for both the Web and CE processes).
# ceConfig:
# rules:
# - pattern: ".*"
# image: curlimages/curl:7.76.1
# For use behind a corporate proxy when downloading prometheus
# httpProxy: ""
# httpsProxy: ""
# noProxy: ""
# Setting the security context to root as the /data volume is owned by root at this stage
securityContext:
runAsUser: 0
runAsGroup: 0
# List of plugins to install.
# For example:
# plugins:
# install:
# - "https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar"
# - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar"
plugins:
install: []
lib: []
# image: rjkernick/alpine-wget:latest
# resources: {}
# .netrc secret file with a key "netrc" to use basic auth while downloading plugins
# netrcCreds: ""
# Set to true to not validate the server's certificate to download plugin
noCheckCertificate: false
securityContext:
runAsUser: 1000
runAsGroup: 1000
## Values to add to SONARQUBE_WEB_JVM_OPTS
##
# jvmOpts: "-Djava.net.preferIPv4Stack=true"
jvmOpts: ""
## Values to add to SONAR_CE_JAVAOPTS
jvmCeOpts: ""
## a monitoring passcode needs to be defined in order to get reasonable probe results
# not setting the monitoring passcode will result in a deployment that will never be ready
monitoringPasscode: "define_it"
## Environment variables to attach to the pods
##
# env:
# - name: VARIABLE
# value: my-value
# Set annotations for pods
annotations: {}
## We usually don't make specific ressource recommandations, as they are heavily dependend on
## The usage of SonarQube and the surrounding infrastructure.
## Adjust these values to your needs, but make sure that the memory limit is never under 4 GB
resources:
limits:
cpu: 800m
memory: 4096M
requests:
cpu: 400m
memory: 2Gi
persistence:
enabled: false
## Set annotations on pvc
annotations: {}
## Specify an existing volume claim instead of creating a new one.
## When using this option all following options like storageClass, accessMode and size are ignored.
# existingClaim:
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass:
accessMode: ReadWriteOnce
size: 5Gi
uid: 1000
## Specify extra volumes. Refer to ".spec.volumes" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/
volumes: []
## Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/
mounts: []
# In case you want to specify different resources for emptyDir than {}
emptyDir: {}
# Example of resouces that might be used:
# medium: Memory
# sizeLimit: 16Mi
# A custom sonar.properties file can be provided via dictionary.
# For example:
# sonarProperties:
# sonar.forceAuthentication: true
# sonar.security.realm: LDAP
# ldap.url: ldaps://organization.com
# Additional sonar properties to load from a secret with a key "secret.properties" (must be a string)
# sonarSecretProperties:
# Kubernetes secret that contains the encryption key for the sonarqube instance.
# The secret must contain the key 'sonar-secret.txt'.
# The 'sonar.secretKeyPath' property will be set automatically.
# sonarSecretKey: "settings-encryption-secret"
## JDBC Database Type; by default postgresql. To use a different Database type, adjust
jdbcDatabaseType: postgresql
## Override JDBC URL
# jdbcUrlOverride: "jdbc:postgresql://myPostgress/myDatabase;socketTimeout=1500"
## Configuration values for postgresql dependency
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
postgresql:
# Enable to deploy the PostgreSQL chart
enabled: true
# To use an external PostgreSQL instance, set enabled to false and uncomment
# the line below:
# postgresqlServer: ""
# To use an external secret for the password for an external PostgreSQL
# instance, set enabled to false and provide the name of the secret on the
# line below:
# existingSecret: ""
# existingSecretPasswordKey: "postgresql-password"
postgresqlUsername: "sonarUser"
postgresqlPassword: "sonarPass"
postgresqlDatabase: "sonarDB"
# Specify the TCP port that PostgreSQL should use
service:
port: 5432
resources:
limits:
cpu: 2
memory: 2Gi
requests:
cpu: 100m
memory: 200Mi
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 20Gi
storageClass:
securityContext:
# For standard Kubernetes deployment, set enabled=true
# If using OpenShift, enabled=false for restricted SCC and enabled=true for anyuid/nonroot SCC
enabled: true
# fsGroup and runAsUser specifications below are not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully.
# postgresql dockerfile sets user as 1001
fsGroup: 1001
runAsUser: 1001
volumePermissions:
# For standard Kubernetes deployment, set enabled=false
# For OpenShift, set enabled=true and ensure to set volumepermissions.securitycontext.runAsUser below.
enabled: false
# if using restricted SCC set runAsUser: "auto" and if running under anyuid/nonroot SCC - runAsUser needs to match runAsUser above
securityContext:
runAsUser: 0
shmVolume:
chmod:
enabled: false
serviceAccount:
## If enabled = true, and name is not set, postgreSQL will create a serviceAccount
enabled: false
# name:
# Additional labels to add to the pods:
# podLabels:
# key: value
podLabels: {}
# For compatibility with 8.0 replace by "/opt/sq"
# For compatibility with 8.2, leave the default. They changed it back to /opt/sonarqube
sonarqubeFolder: /opt/sonarqube
tests:
enabled: true
# image: bitnami/minideb-extras
serviceAccount:
create: false
# name:
## Annotations for the Service Account
annotations: {}
# extraConfig is used to load Environment Variables from Secrets and ConfigMaps
# which may have been written by other tools, such as external orchestrators.
#
# These Secrets/ConfigMaps are expected to contain Key/Value pairs, such as:
#
# apiVersion: v1
# kind: ConfigMap
# metadata:
# name: external-sonarqube-opts
# data:
# SONARQUBE_JDBC_USERNAME: foo
# SONARQUBE_JDBC_URL: jdbc:postgresql://db.example.com:5432/sonar
#
# These vars can then be injected into the environment by uncommenting the following:
#
# extraConfig:
# configmaps:
# - external-sonarqube-opts
extraConfig:
secrets: []
configmaps: []
# account:
# adminPassword: admin
# currentAdminPassword: admin
# curlContainerImage: curlimages/curl:latest
# adminJobAnnotations: {}
terminationGracePeriodSeconds: 60