Through this integration, you can ensure your instance is running properly and know if you need to take action to prevent future issues. You can monitor your SonarQube instance using SonarQube's native integration with Prometheus. # For additional control over serviceName and servicePort # Different clouds or configurations might need /* as the default path This can be achieved with the following changes to your values.yaml: ingress: We recommend using the ingress-class NGINX with a body size of at least 64MB. If you want to install NGINX as well, add the following to your values.yaml. If you already have NGINX-ingress present in your cluster, you can use it. The SonarSource Helm chart has an optional dependency on the NGINX-ingress helm chart. See the following section for help with creating one. Creating a new ingress is also covered by the Helm chart. To make the SonarQube service accessible from outside of your cluster, you most likely need an ingress. Then, create the secret in your Kubernetes cluster with the following command: kubectl apply -f secret.yaml Ingress Creation The Base64 encoded certificate can be added to the secret's data: apiVersion: v1 Note that you can also use string-data here if you don't want to encode your certificate. This certificate needs to be Base64 encoded in order to be added as secret data. If you already have a running installation of your code repository platform, you can extract the certificate with the following snippet using openssl echo -n | openssl s_client -connect :443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem To enable this behavior, add the following to your value.yaml file: caCerts: When you're working with your own CA or in an environment that uses self-signed certificates for your code repository platform, you can create a secret containing this certificate and add this certificate to the Java truststore inside the SonarQube deployment directly during the deployment. Leaving persistency disabled results in a longer startup time until SonarQube is fully available, but you won't lose any data as SonarQube will persist all data in the database. You can enable persistency by adding the following to the values.yaml: persistence: By default, persistency is disabled in the Helm chart.Įnabling persistency decreases the startup time of the SonarQube Pod significantly, but you are risking corrupting your Elasticsearch index. There is an option to persist the Elasticsearch indexes in a Persistent Volume, but with regular killing operations by the Kubernetes Cluster, these indexes can be corrupted. SonarQube comes with a bundled Elasticsearch and, as Elasticsearch is stateful, so is SonarQube. Helm upgrade -install -n sonarqube sonarqube sonarqube/sonarqube Persistency To install the Helm Chart from our Helm Repository, you can use the following commands: helm repo add sonarqube The "sonarqube-postgresql", "wait-for-db", "init-sysctl", and "sonarqube" containers require securit圜ontext.allowPrivilegeEscalation=true, unrestricted capabilities, running as root, and a seccompProfile different from "RuntimeDefault" or "Localhost".The "init-sysctl" container requires securit圜ontext.privileged=true. The following Pod Security levels cannot be used in combination with SonarQube's chart: There is a dedicated helm chart for the LTS version of SonarQube that follows the same patch policy as the application, while also being compatible with the supported versions of Kubernetes. The SonarQube helm chart should only be used with the latest version of SonarQube and a supported version of Kubernetes. When you want to operate SonarQube on Kubernetes, consider the following recommendations. Your feedback is welcome at our community forum. You can find the SonarQube Helm chart on GitHub. For information on deploying the Data Center Edition of SonarQube on Kubernetes, see this documentation. This part of the Documentation is only valid for Community, Developer, and Enterprise Editions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |