SKIP UPGRADE updating sonarqube for passthrough and admin password reset
General MR
Summary
Update the umbrella for sonarqube passthrough and chart migration
We expect the upgrade to fail -- see Upgrade Notices below
Relevant logs/screenshots
N/A
Linked Issue
For big-bang/product/packages/sonarqube!242 (merged)
Closes big-bang/product/packages/sonarqube#168 (closed)
Upgrade Notices
Breaking Changes
-
This release includes major refactoring of the upstream SonarQube Helm chart, which changes how the PostgreSQL dependency and StatefulSets are managed. Due to these changes, a conflict can occur with the PostgreSQL secret and StatefulSets created by previous versions of this chart, which can cause the
helm upgradecommand to fail. TheserviceNameof the PostgreSQL StatefulSet has changed fromsonarqube-postgresqltosonarqube-postgresql-headless, which is an immutable field.To perform a successful upgrade while preserving your existing SonarQube data, you must extract your current database password, delete the old secret and StatefulSets, and then perform the upgrade.
Follow these steps to upgrade your SonarQube instance:
- Remember to backup your database prior to performing any upgrades
-
Get The Current Password In case you need it later
$ kubectl -n sonarqube get secrets sonarqube-postgresql -o go-template='{{.data.password | base64decode}}' ; echo -
Suspend the helm release The following command will suspend the flux helm release
$ flux -n bigbang suspend helmrelease sonarqube -
Delete the old PostgreSQL secret. This will prevent the upgrade from failing due to a secret conflict.
$ kubectl delete secret sonarqube-postgresql -n sonarqube -
Delete the existing StatefulSets. This will prevent the upgrade from failing due to immutable field errors.
$ kubectl delete statefulset sonarqube-postgresql sonarqube-sonarqube -n sonarqube - Upgrade Big Bang -- Perform your Big Bang upgrade
-
Resume the helm release The following command will resume the flux helm release. This may not complete until all the next steps are done.
$ flux -n bigbang resume helmrelease sonarqube -
Verify Pod and HelmRelease The
sonarqube-sonarqube-0pod should go toRunning-- the helmrelease will remain READY state ofUnknown$ kubectl -n sonarqube get pods; kubectl -n bigbang get helmrelease sonarqube -
Navigating to your SonarQube site will probably display --
SonarQube is under maintenance - Follow the SonarQube Upgrade Roadmap -- https://docs.sonarsource.com/sonarqube-community-build/server-upgrade-and-maintenance/upgrade/roadmap/ . You will likely need to navigate to http://yourSonarQubeURL/setup and follow the instructions.
-
Verify HelmRelease -- the sonarqube helmrelease should show Ready: True
$ kubectl -n bigbang get helmrelease sonarqube
Keycloak Integration:
The SSO block for keycloak integration as shown below.
sso:
enabled: true
values:
upstream:
sonarProperties:
sonar.core.serverBaseURL: "https://your.sonarqube.url/"
#sonar.auth.saml.enabled: ""
#sonar.auth.saml.applicationId: ""
#sonar.auth.saml.providerName: ""
#sonar.auth.saml.providerId: ""
#sonar.auth.saml.loginUrl: ""
#sonar.auth.saml.certificate.secured: ""
#sonar.auth.saml.user.login: ""
#sonar.auth.saml.user.name: ""
#sonar.auth.saml.user.email: ""
#sonar.auth.saml.group.name: ""Account which is the values set to define the current and the (new) custom admin passwords at the startup has been deprecated the new value is now setAdminPassword as shown below
setAdminPassword:
# The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin")
newPassword: <new_admin_password>
currentPassword: adminPod logs say a manual db upgrade is needed. Please follow the SonarQube Upgrade Roadmap: https://docs.sonarsource.com/sonarqube-community-build/server-upgrade-and-maintenance/upgrade/roadmap/.