feat: Sonarqube addon

.gitlab-ci.yml

@@ -388,4 +388,4 @@ release:
         --assets-link "{\"name\":\"${IMAGE_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_PKG}\"}" \
         --assets-link "{\"name\":\"${REPOS_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${REPOS_PKG}\"}"
 
-#-----------------------------------------------------------------------------------------------------------------------
\ No newline at end of file
+#-----------------------------------------------------------------------------------------------------------------------

Packages.md

@@ -29,3 +29,4 @@
 | ----    | ---  |
 | [Gitlab](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab)  | ![Gitlab Build](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/badges/main/pipeline.svg)    |
 | [Gitlab Runner](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner) |  ![Gitlab Runner Build](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner/badges/main/pipeline.svg) |
+| [Sonarqube](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube) |  ![Sonarqube](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/badges/main/pipeline.svg) |

chart/Chart.yaml

 apiVersion: v2
 name: bigbang
-version: 1.0.7
+version: 1.0.8

chart/templates/sonarqube/gitrepository.yaml

+{{- if and (not .Values.offline) .Values.addons.sonarqube.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: sonarqube
+  namespace: {{ .Release.Namespace }}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.addons.sonarqube.git.repo }}
+  ref:
+    {{- include "validRef" .Values.addons.sonarqube.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" .Values.git | nindent 2 }}
+{{- end }}

chart/templates/sonarqube/namespace.yaml

+{{- if .Values.addons.sonarqube.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sonarqube
+---
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: sonarqube
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+---
+# create database secret
+{{- if .Values.addons.sonarqube.database.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+    name: sonarqube-db-secret
+    namespace: sonarqube
+type: kubernetes.io/opaque
+stringData:
+    postgresql-password: {{ .Values.addons.sonarqube.database.password }}
+{{- end }}
+{{- end }}

chart/templates/sonarqube/sonarqube-helmrelease.yaml

+{{- if .Values.addons.sonarqube.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: sonarqube
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: sonarqube
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+
+spec:
+  releaseName: sonarqube
+  targetNamespace: sonarqube
+  chart:
+    spec:
+      chart: {{ .Values.addons.sonarqube.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: sonarqube
+        namespace: {{ .Release.Namespace }}
+
+  {{- with .Values.flux }}
+  interval: {{ .interval }}
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: {{ .install.retries }}
+  upgrade:
+    remediation:
+      retries: {{ .upgrade.retries }}
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: {{ .rollback.timeout }}
+    cleanupOnFail: {{ .rollback.cleanupOnFail }}
+  {{- end }}
+  
+  valuesFrom:
+    - name: values
+      kind: Secret
+      valuesKey: "sonarqube.yaml"
+
+  values:
+    hostname: {{ .Values.hostname }}
+    istio:
+      enabled: {{ .Values.istio.enabled }}
+    monitoring:
+      enabled: {{ .Values.monitoring.enabled }}
+    {{- if ( include "imagePullSecret" . ) }}
+    ## value for image pull secret
+    image:
+      pullSecret: private-registry
+    {{- end }}
+    # SAML SSO config
+    {{- if .Values.addons.sonarqube.sso.enabled }}
+    sonarProperties:
+      sonar.auth.saml.enabled: {{ .Values.addons.sonarqube.sso.enabled }}
+      sonar.core.serverBaseURL: https://sonarqube.{{ .Values.hostname }}
+      sonar.auth.saml.applicationId: {{ .Values.addons.sonarqube.sso.client_id }}
+      sonar.auth.saml.providerName: {{ .Values.addons.sonarqube.sso.providerName }}
+      sonar.auth.saml.providerId: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}
+      sonar.auth.saml.loginUrl: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/saml
+      sonar.auth.saml.certificate.secured: {{ .Values.addons.sonarqube.sso.certificate }}
+      sonar.auth.saml.user.login: {{ .Values.addons.sonarqube.sso.login }}
+      sonar.auth.saml.user.name: {{ .Values.addons.sonarqube.sso.name }}
+      sonar.auth.saml.user.email: {{ .Values.addons.sonarqube.sso.email }}
+      {{- if .Values.addons.sonarqube.sso.group }}
+      sonar.auth.saml.user.group: {{ .Values.addons.sonarqube.sso.group }}
+      {{- end }}
+    {{- end }}
+    # External Postgres config
+    {{- if .Values.addons.sonarqube.database.enabled }}
+    postgresql:
+      # Set to false for external postgres server
+      enabled: {{ not .Values.addons.sonarqube.database.enabled  }}
+      postgresqlServer: {{ .Values.addons.sonarqube.database.server }}
+      postgresqlDatabase: {{ .Values.addons.sonarqube.database.database }}
+      postgresqlUsername: {{ .Values.addons.sonarqube.database.user }}
+      existingSecret: sonarqube-db-secret
+      service:
+        port: {{ .Values.addons.sonarqube.database.port }}
+    {{- end }}
+  {{- if or .Values.gatekeeper.enabled .Values.istio.enabled .Values.monitoring.enabled }}
+  dependsOn:
+  {{- if .Values.gatekeeper.enabled }}
+    - name: gatekeeper
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- end }}
+{{- end }}

chart/templates/values.yaml

@@ -53,4 +53,6 @@ stringData:
 {{ toYaml .Values.addons.gitlab.values | indent 4 }}
   anchore.yaml: |
 {{ toYaml .Values.addons.anchore.values | indent 4 }}
+  sonarqube.yaml: |
+{{ toYaml .Values.addons.sonarqube.values | indent 4 }}
 data:

chart/values.yaml

@@ -257,6 +257,35 @@ addons:
       tag: "0.19.2-bb.2"
     values: {}
 
+  sonarqube:
+    enabled: false
+    git:
+      repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
+      path: "./chart"
+      tag: "9.2.6-bb.2"
+    sso:
+      enabled: false
+      client_id: # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
+      providerName: # login as name example: P1 SSO
+      certificate: # SAML sso certificate example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
+      login: # login sso attribute example: login
+      name: # name sso attribute example: name
+      email: # email sso attribute example: email
+      group: # (optional) group sso attribute example: group
+    database:
+      enabled: false
+      server: # postgres location example: postgres.bigbang.dev
+      port: # 5432
+      database: # database name example: sonarDB
+      user: # postgres user example: sonarUser
+      password: # unencoded stringData. This should be put in the secret values
+    objectStorage:
+      enabled: true
+      storageClass:
+      accessMode: ReadWriteOnce
+      size: 10Gi
+    values: {}
+      
   haproxy:
     enabled: false
     git:

scripts/deploy/02_wait_for_helmrealeases.sh

@@ -3,8 +3,7 @@
 set -ex
 
 ## This is an array to instantiate the order of wait conditions
-ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso anchore"
-
+ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso anchore sonarqube"
 
 ## This the actual deployed helmrelease objects in the cluster
 DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}')
@@ -53,4 +52,4 @@ do
 done
 
 echo "Waiting on Secrets Kustomization"
-kubectl wait --for=condition=Ready --timeout 30s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets
\ No newline at end of file
+kubectl wait --for=condition=Ready --timeout 30s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets

tests/ci/k3d/values.yaml

@@ -67,3 +67,5 @@ addons:
       enabled: false
   anchore:
     enabled: true
+  sonarqube:
+    enabled: true