diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 00051c839d6e35f85f02321b9f9cec52d68df10a..a4b5df8e2880db686d97ab25a9c5bbe2a9e276cd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -388,4 +388,4 @@ release:
 --assets-link "{\"name\":\"${IMAGE_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_PKG}\"}" \
 --assets-link "{\"name\":\"${REPOS_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${REPOS_PKG}\"}"
-#-----------------------------------------------------------------------------------------------------------------------
\ No newline at end of file
+#-----------------------------------------------------------------------------------------------------------------------
diff --git a/Packages.md b/Packages.md
index eed0978b74976abb9b735d3bd87350cc6eebedb8..80f55fd3c3d53f98e168fec3d44cc806b3c739b5 100644
--- a/Packages.md
+++ b/Packages.md
@@ -29,3 +29,4 @@
 | ---- | --- |
 | [Gitlab](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab) |  |
 | [Gitlab Runner](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner) |  |
+| [Sonarqube](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube) |  |
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 6364dbd2ae1c2f61b67872dc1b144343939fee51..105935915ab22526aeeac73cad4043ebfaef55e9 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,3 +1,3 @@
 apiVersion: v2
 name: bigbang
-version: 1.0.7
+version: 1.0.8
diff --git a/chart/templates/sonarqube/gitrepository.yaml b/chart/templates/sonarqube/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1c5f9300d674a71ea3e8aeec2adb8867b3aa5953
--- /dev/null
+++ b/chart/templates/sonarqube/gitrepository.yaml
@@ -0,0 +1,14 @@
+{{- if and (not .Values.offline) .Values.addons.sonarqube.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: sonarqube
+ namespace: {{ .Release.Namespace }}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.addons.sonarqube.git.repo }}
+ ref:
+ {{- include "validRef" .Values.addons.sonarqube.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" .Values.git | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/sonarqube/namespace.yaml b/chart/templates/sonarqube/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..12f37c1358abb2ba6d93f2d564a65c927d35b650
--- /dev/null
+++ b/chart/templates/sonarqube/namespace.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.addons.sonarqube.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: sonarqube
+---
+{{- if ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: sonarqube
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
+---
+# create database secret
+{{- if .Values.addons.sonarqube.database.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sonarqube-db-secret
+ namespace: sonarqube
+type: kubernetes.io/opaque
+stringData:
+ postgresql-password: {{ .Values.addons.sonarqube.database.password }}
+{{- end }}
+{{- end }}
diff --git a/chart/templates/sonarqube/sonarqube-helmrelease.yaml b/chart/templates/sonarqube/sonarqube-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d00bbecc515c0752afbb8878c497260df8d2d893
--- /dev/null
+++ b/chart/templates/sonarqube/sonarqube-helmrelease.yaml
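Review bot: `postgresql-password: {{ .Values.addons.sonarqube.database.password }}` in the `sonarqube-db-secret` stanza emits the password as a plain YAML scalar, so a password that starts with an indicator character (`*`, `&`, `[`, `{`, `#`, `|`, `>`, `!`, `%`, `@`), contains `: ` or ` #`, or is all digits either breaks the template render or is retyped before it reaches the API server. Render it through `quote`, and use `required` so that `database.enabled: true` with the null default for `password` fails at template time instead of producing a Secret with a null value: `postgresql-password: {{ required "addons.sonarqube.database.password must be set" .Values.addons.sonarqube.database.password | quote }}`. Separately, `type: kubernetes.io/opaque` is not the built-in generic Secret type, which is spelled `Opaque`; as far as I can tell the API server accepts the lowercase `kubernetes.io/` form only as a custom type, so unless something selects on that exact string it is probably a typo.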
@@ -0,0 +1,101 @@
+{{- if .Values.addons.sonarqube.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: sonarqube
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: sonarqube
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+
+spec:
+ releaseName: sonarqube
+ targetNamespace: sonarqube
+ chart:
+ spec:
+ chart: {{ .Values.addons.sonarqube.git.path }}
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: sonarqube
+ namespace: {{ .Release.Namespace }}
+
+ {{- with .Values.flux }}
+ interval: {{ .interval }}
+ test:
+ enable: false
+ install:
+ remediation:
+ retries: {{ .install.retries }}
+ upgrade:
+ remediation:
+ retries: {{ .upgrade.retries }}
+ remediateLastFailure: true
+ cleanupOnFail: true
+ rollback:
+ timeout: {{ .rollback.timeout }}
+ cleanupOnFail: {{ .rollback.cleanupOnFail }}
+ {{- end }}
+
+ valuesFrom:
+ - name: values
+ kind: Secret
+ valuesKey: "sonarqube.yaml"
+
+ values:
+ hostname: {{ .Values.hostname }}
+ istio:
+ enabled: {{ .Values.istio.enabled }}
+ monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+ {{- if ( include "imagePullSecret" . ) }}
+ ## value for image pull secret
+ image:
+ pullSecret: private-registry
+ {{- end }}
+ # SAML SSO config
+ {{- if .Values.addons.sonarqube.sso.enabled }}
+ sonarProperties:
+ sonar.auth.saml.enabled: {{ .Values.addons.sonarqube.sso.enabled }}
+ sonar.core.serverBaseURL: https://sonarqube.{{ .Values.hostname }}
+ sonar.auth.saml.applicationId: {{ .Values.addons.sonarqube.sso.client_id }}
+ sonar.auth.saml.providerName: {{ .Values.addons.sonarqube.sso.providerName }}
+ sonar.auth.saml.providerId: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}
+ sonar.auth.saml.loginUrl: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/saml
+ sonar.auth.saml.certificate.secured: {{ .Values.addons.sonarqube.sso.certificate }}
+ sonar.auth.saml.user.login: {{ .Values.addons.sonarqube.sso.login }}
+ sonar.auth.saml.user.name: {{ .Values.addons.sonarqube.sso.name }}
+ sonar.auth.saml.user.email: {{ .Values.addons.sonarqube.sso.email }}
+ {{- if .Values.addons.sonarqube.sso.group }}
+ sonar.auth.saml.user.group: {{ .Values.addons.sonarqube.sso.group }}
+ {{- end }}
+ {{- end }}
+ # External Postgres config
+ {{- if .Values.addons.sonarqube.database.enabled }}
+ postgresql:
+ # Set to false for external postgres server
+ enabled: {{ not .Values.addons.sonarqube.database.enabled }}
+ postgresqlServer: {{ .Values.addons.sonarqube.database.server }}
+ postgresqlDatabase: {{ .Values.addons.sonarqube.database.database }}
+ postgresqlUsername: {{ .Values.addons.sonarqube.database.user }}
+ existingSecret: sonarqube-db-secret
+ service:
+ port: {{ .Values.addons.sonarqube.database.port }}
+ {{- end }}
+ {{- if or .Values.gatekeeper.enabled .Values.istio.enabled .Values.monitoring.enabled }}
+ dependsOn:
+ {{- if .Values.gatekeeper.enabled }}
+ - name: gatekeeper
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.monitoring.enabled }}
+ - name: monitoring
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/values.yaml b/chart/templates/values.yaml
index 9e977626f190d3ef6f4c6c06af3648cd986cece1..a8820942a49605edb62c199914eb9bd3e19582da 100644
--- a/chart/templates/values.yaml
+++ b/chart/templates/values.yaml
@@ -53,4 +53,6 @@ stringData:
 {{ toYaml .Values.addons.gitlab.values | indent 4 }}
 anchore.yaml: |
 {{ toYaml .Values.addons.anchore.values | indent 4 }}
+ sonarqube.yaml: |
+{{ toYaml .Values.addons.sonarqube.values | indent 4 }}
 data:
diff --git a/chart/values.yaml b/chart/values.yaml
index 1f8492b525635938100d7c1074cb189bad37d1c5..33c0e845a9e41cd4472da45c0f545da907eb3e52 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -257,6 +257,35 @@ addons:
 tag: "0.19.2-bb.2"
 values: {}
+ sonarqube:
+ enabled: false
+ git:
+ repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
+ path: "./chart"
+ tag: "9.2.6-bb.2"
+ sso:
+ enabled: false
+ client_id: # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
+ providerName: # login as name example: P1 SSO
+ certificate: # SAML sso certificate example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
+ login: # login sso attribute example: login
+ name: # name sso attribute example: name
+ email: # email sso attribute example: email
+ group: # (optional) group sso attribute example: group
+ database:
+ enabled: false
+ server: # postgres location example: postgres.bigbang.dev
+ port: # 5432
+ database: # database name example: sonarDB
+ user: # postgres user example: sonarUser
+ password: # unencoded stringData. This should be put in the secret values
+ objectStorage:
+ enabled: true
+ storageClass:
+ accessMode: ReadWriteOnce
+ size: 10Gi
+ values: {}
+
 haproxy:
 enabled: false
 git:
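Review bot: Inside the `{{- if .Values.addons.sonarqube.sso.enabled }}` block every SAML property except `sonar.auth.saml.user.group` is rendered unguarded and unquoted, so with `sso.enabled: true` and the null defaults this commit ships for `client_id`, `certificate`, `login`, `name` and `email` the template renders without error, leaving those properties empty and SAML login silently misconfigured. For the mandatory ones use `required`, e.g. `sonar.auth.saml.applicationId: {{ required "addons.sonarqube.sso.client_id is required when sso is enabled" .Values.addons.sonarqube.sso.client_id | quote }}`, and pipe the remaining string values through `quote` so a providerName or attribute name that looks like a boolean or number is not retyped on the way to the subchart. Under `# External Postgres config`, `enabled: {{ not .Values.addons.sonarqube.database.enabled }}` is only evaluated when `database.enabled` is true, so it always renders `false`; writing `enabled: false` literally says the same thing without the double negative.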
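Review bot: The new `objectStorage` block (`enabled`, `storageClass`, `accessMode`, `size`) under `addons.sonarqube` is not read by any template in this commit — the HelmRelease forwards only `addons.sonarqube.values` through the `values` Secret — so as written these keys have no effect; either reference them from `sonarqube-helmrelease.yaml` or leave them out until they are used. `storageClass:` with no value also parses as null rather than an empty string, which will matter if a template later quotes it. The comment on `password:` says it `should be put in the secret values`, but the only consumer visible here is `namespace.yaml`, which reads `addons.sonarqube.database.password` directly, so the comment would be clearer as `# supply from a values source that is not committed in clear; rendered into the sonarqube-db-secret Secret`.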
diff --git a/scripts/deploy/02_wait_for_helmrealeases.sh b/scripts/deploy/02_wait_for_helmrealeases.sh index 076eb8a1a46948fa3dec793fc2f795455529f1a2..eb8595cbe8348f6a9c70a17a0af84b1df4962291 100755 --- a/scripts/deploy/02_wait_for_helmrealeases.sh +++ b/scripts/deploy/02_wait_for_helmrealeases.sh @@ -3,8 +3,7 @@ set -ex ## This is an array to instantiate the order of wait conditions -ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso anchore" - +ORDERED_HELMRELEASES="gatekeeper istio-operator istio monitoring eck-operator ek fluent-bit twistlock cluster-auditor authservice argocd gitlab haproxy-sso anchore sonarqube" ## This the actual deployed helmrelease objects in the cluster DEPLOYED_HELMRELEASES=$(kubectl get hr --no-headers -n bigbang | awk '{ print $1}') @@ -53,4 +52,4 @@ do done echo "Waiting on Secrets Kustomization" -kubectl wait --for=condition=Ready --timeout 30s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets \ No newline at end of file +kubectl wait --for=condition=Ready --timeout 30s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets diff --git a/tests/ci/k3d/values.yaml b/tests/ci/k3d/values.yaml index 79f34695a5a61e2373b9532fd4e9993cad82356f..55957d7d28ff40ed851d042c64ae49e70a2e73d7 100644 --- a/tests/ci/k3d/values.yaml +++ b/tests/ci/k3d/values.yaml @@ -67,3 +67,5 @@ addons: enabled: false anchore: enabled: true + sonarqube: + enabled: true