SKIP UPGRADE CHECK LTA chart upgrade

This MR contains the following updates:

• Upgrading chart version 10.7.0 -> 2025.2.0
• Upgrading application community build 10.7.0-community -> 25.1.0.102122-community

Umbrella Branch

afarasoteemo-BB-sonar

Relevant logs/screenshots

Keycloak saml integration:

Local cluster cypress tests pass with Clean Install:

Linked Issue

issue

Upgrade Notices

Breaking Changes

• This release includes major refactoring of the upstream SonarQube Helm chart, which changes how the PostgreSQL dependency and StatefulSets are managed. Due to these changes, a conflict can occur with the PostgreSQL secret and StatefulSets created by previous versions of this chart, which can cause the helm upgrade command to fail. The serviceName of the PostgreSQL StatefulSet has changed from sonarqube-postgresql to sonarqube-postgresql-headless, which is an immutable field.

  To perform a successful upgrade while preserving your existing SonarQube data, you must extract your current database password, delete the old secret and StatefulSets, and then provide the password during the upgrade.

  Follow these steps to upgrade your SonarQube instance:

  1. Get your current PostgreSQL password. The following command will retrieve the password from the existing secret and store it in an environment variable.

     export SONAR_DB_PASSWORD=$(kubectl get secret sonarqube-postgresql -n sonarqube -o jsonpath='{.data.password}' | base64 --decode)

  2. Delete the old PostgreSQL secret. This will prevent the upgrade from failing due to a secret conflict.

     kubectl delete secret sonarqube-postgresql -n sonarqube

  3. Delete the existing StatefulSets. This will prevent the upgrade from failing due to immutable field errors.

     kubectl delete statefulset sonarqube-postgresql sonarqube-sonarqube -n sonarqube

  4. Run the Helm upgrade command. This command will upgrade your SonarQube instance and create a new, compatible secret and StatefulSets with your preserved password.

     helm upgrade -i sonarqube ./chart -n sonarqube --set upstream.postgresql.auth.password=$SONAR_DB_PASSWORD
     
     

Keycloak Integration:

The SSO block for keycloak integration as shown below.

sso:
  enabled: true
values:
   upstream:
      sonarProperties:
         sonar.core.serverBaseURL: "https://your.sonarqube.url/" 
         #sonar.auth.saml.enabled: ""
         #sonar.auth.saml.applicationId: ""
         #sonar.auth.saml.providerName: ""
         #sonar.auth.saml.providerId: ""
         #sonar.auth.saml.loginUrl: ""
         #sonar.auth.saml.certificate.secured: ""
         #sonar.auth.saml.user.login: ""
         #sonar.auth.saml.user.name: ""
         #sonar.auth.saml.user.email: ""
         #sonar.auth.saml.group.name: ""

Account which is the values set to define the current and the (new) custom admin passwords at the startup has been deprecated the new value is now setAdminPassword as shown below

 setAdminPassword:
 # The values can be set to define the current and the (new) custom admin passwords at the startup (the username will remain "admin")
   newPassword: <new_admin_password>
   currentPassword: admin

Pod logs say a manual db upgrade is needed. Please follow the SonarQube Upgrade Roadmap: https://docs.sonarsource.com/sonarqube-community-build/server-upgrade-and-maintenance/upgrade/roadmap/.

Without the upgrade, the SonarQube Maintenance page is displayed in the UI.