From c3003e53c179a3d867b853aba73c8dbb822bb350 Mon Sep 17 00:00:00 2001
From: "branden.cobb" <cobb_branden@bah.com>
Date: Thu, 8 Apr 2021 16:16:41 +0000
Subject: [PATCH] Add sonarqube pre-req documentation
---
 .../rke2/dependencies/terraform/main/main.tf | 7 +++++-
 docs/d_prerequisites.md | 22 +++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
index 9b3fcac78d..45d8c25fd9 100644
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
+++ b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
@@ -7,7 +7,12 @@ locals {
 aws configure set default.region $(curl -s http://169.254.169.254/latest/meta-data/placement/region)
 # Tune vm sysctl for elasticsearch
-sysctl -w vm.max_map_count=262144
+sysctl -w vm.max_map_count=524288
+
+# SonarQube host pre-requisites
+sysctl -w fs.file-max=131072
+ulimit -n 131072
+ulimit -u 8192
 # Preload kernel modules required by istio-init, required for selinux enforcing instances using istio-init
 modprobe xt_REDIRECT
diff --git a/docs/d_prerequisites.md b/docs/d_prerequisites.md
index d0d3983837..b6a570ef41 100644
--- a/docs/d_prerequisites.md
+++ b/docs/d_prerequisites.md
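Review bot: The two `ulimit` lines added after `sysctl -w fs.file-max=131072` in main.tf only change limits for the shell running this script and the processes it forks. They will probably not reach the container runtime that starts the SonarQube pods unless rke2 is launched from this same shell, which the hunk does not show. The `sysctl -w` values are also runtime-only and are lost on reboot. If a durable node setting is intended, consider writing the sysctls to a drop-in under `/etc/sysctl.d/` and setting `LimitNOFILE=131072` and `LimitNPROC=8192` on the service unit that runs the container runtime. At minimum, add a comment such as `# ulimit applies to this shell and its children only`. The enclosing `locals` block starts and ends outside the hunk.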
@@ -144,3 +144,25 @@ kubectl patch psp global-restricted-psp -p '{"metadata": {"annotations":{"secco
 ### Istio
 By default, BigBang will use `istio-init`, and `rke2` clusters will come with `selinux` in `Enforcing` mode, please see the [`istio-init`](#istio-pre-requisites-on-selinux-enforcing-systems) above for pre-requisites and warnings.
+
+### Sonarqube
+
+Sonarqube requires the following kernel configurations set at the node level:
+
+```bash
+sysctl -w vm.max_map_count=524288
+sysctl -w fs.file-max=131072
+ulimit -n 131072
+ulimit -u 8192
+```
+
+Another option includes running the init container to modify the kernel values on the host (this requires a busybox container run as root):
+
+```yaml
+addons:
+ sonarqube:
+ values:
+ initSysctl:
+ enabled: true
+```
+**This is not the recommended solution as it requires running an init container as privileged.**
-- GitLab