Merge branch 'docs-prereqs' into 'master'

Sonarqube prereqs Summary The newest version of sonarqube has initcontainers disabled by default this documents the needed kernel mods. Closes https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/347 See merge request platform-one/big-bang/bigbang!392

Merge branch 'docs-prereqs' into 'master'
916377bb · joshwolf · f93e8a22 · c3003e53 · 916377bb · 916377bb
Commit 916377bb authored 3 years ago by joshwolf
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
@@ -7,7 +7,12 @@ locals {
 aws configure set default.region $(curl -s http://169.254.169.254/latest/meta-data/placement/region)

 # Tune vm sysctl for elasticsearch
-sysctl -w vm.max_map_count=262144
+sysctl -w vm.max_map_count=524288
+
+# SonarQube host pre-requisites
+sysctl -w fs.file-max=131072
+ulimit -n 131072
+ulimit -u 8192

 # Preload kernel modules required by istio-init, required for selinux enforcing instances using istio-init
 modprobe xt_REDIRECT

--- a/docs/d_prerequisites.md
+++ b/docs/d_prerequisites.md
@@ -144,3 +144,25 @@ kubectl patch psp global-restricted-psp  -p '{"metadata": {"annotations":{"secco
 ### Istio

 By default, BigBang will use `istio-init`, and `rke2` clusters will come with `selinux` in `Enforcing` mode, please see the [`istio-init`](#istio-pre-requisites-on-selinux-enforcing-systems) above for pre-requisites and warnings.
+
+### Sonarqube
+
+Sonarqube requires the following kernel configurations set at the node level: 
+
+```bash
+sysctl -w vm.max_map_count=524288
+sysctl -w fs.file-max=131072
+ulimit -n 131072
+ulimit -u 8192
+```
+
+Another option includes running the init container to modify the kernel values on the host (this requires a busybox container run as root):
+
+```yaml
+addons:
+  sonarqube:
+    values:
+      initSysctl:
+        enabled: true
+```
+**This is not the recommended solution as it requires running an init container as privileged.**