diff --git a/tests/test-values.yml b/tests/test-values.yml index af9d6e248c00a8aad61c6b2c977f3da2163db835..aaddc0cfbbe077fa397c2be1b467e11d09e6ff9a 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -1,361 +1,5 @@ -# Default values for sonarqube. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -replicaCount: 1 - - # This will use the default deployment strategy unless it is overriden -deploymentStrategy: {} -# Uncomment this to scheduler pods on priority -# priorityClassName: "high-priority" - -## Use an alternate scheduler, e.g. "stork". -## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ -## -# schedulerName: - -## Is this deployment for OpenShift? If so, we help with SCCs -OpenShift: - enabled: false - createSCC: true - image: - repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community - tag: 8.6-community - pullPolicy: IfNotPresent - # If using a private repository, the name of the imagePullSecret to use pullSecret: private-registry-mil -# Set security context for sonarqube pod -securityContext: - fsGroup: 1000 - -# Set security context for sonarqube container -containerSecurityContext: - # Sonarqube dockerfile creates sonarqube user as UID and GID 1000 - runAsUser: 1000 - -# Settings to configure elasticsearch host requirements -elasticsearch: - # DEPRECATED: Use initSysctl.enabled instead - configureNode: true - bootstrapChecks: true - -service: - type: ClusterIP - externalPort: 9000 - internalPort: 9000 - labels: - annotations: {} - # May be used in example for internal load balancing in GCP: - # cloud.google.com/load-balancer-type: Internal - # loadBalancerSourceRanges: - # - 0.0.0.0/0 - # loadBalancerIP: 1.2.3.4 -ingress: - enabled: false - # Used to create an Ingress record. - hosts: - - name: sonar.example.com - # Different clouds or configurations might need /* as the default path - path: / - # For additional control over serviceName and servicePort - # serviceName: someService - # servicePort: somePort - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - # This property allows for reports up to a certain size to be uploaded to SonarQube - # nginx.ingress.kubernetes.io/proxy-body-size: "8m" - -# Additional labels for Ingress manifest file - # labels: - # traffic-type: external - # traffic-type: internal - tls: [] - # Secrets must be manually created in the namespace. - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -# Affinity for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity -affinity: {} - -# Tolerations for pod assignment -# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ -tolerations: [] - -# Node labels for pod assignment -# Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} - -# hostAliases allows the modification of the hosts file inside a container -hostAliases: [] -# - ip: "192.168.1.10" -# hostnames: -# - "example.com" -# - "www.example.com" - -readinessProbe: - initialDelaySeconds: 60 - periodSeconds: 30 - failureThreshold: 6 - # If an ingress *path* other than the root (/) is defined, it should be reflected here - # A trailing "/" must be included - sonarWebContext: / - # sonarWebContext: /sonarqube/ -livenessProbe: - initialDelaySeconds: 60 - periodSeconds: 30 - # If an ingress *path* other than the root (/) is defined, it should be reflected here - # A trailing "/" must be included - sonarWebContext: / - # sonarWebContext: /sonarqube/ - # If an ingress *path* is defined, it should be reflected here - # sonar.web.context: /sonarqube - -initContainers: - # image: busybox:1.32 - # We allow the init containers to have a separate security context declaration because - # the initContainer may not require the same as SonarQube. - # securityContext: {} - # We allow the init containers to have a separate resources declaration because - # the initContainer does not take as much resources. - resources: {} - -## Provide a secret containing one or more certificate files in the keys that will be added to cacerts -## The cacerts file will be set via SONARQUBE_WEB_JVM_OPTS and SONAR_CE_JAVAOPTS -## -# caCerts: - # image: adoptopenjdk/openjdk11:alpine - # secret: my-secret - -initSysctl: - enabled: true - vmMaxMapCount: 524288 - fsFileMax: 131072 - nofile: 131072 - nproc: 8192 - # image: busybox:1.32 - securityContext: - privileged: true - # resources: {} - -# List of plugins to install. -# For example: -# plugins: -# install: -# - "https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar" -# - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar" -plugins: - install: - - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar - - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar - - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar - - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar - lib: [] - - # For use behind a corporate proxy when downloading plugins - # httpProxy: "" - # httpsProxy: "" - # noProxy: "" - - # image: rjkernick/alpine-wget:latest - # resources: {} - - # .netrc secret file with a key "netrc" to use basic auth while downloading plugins - # netrcCreds: "" - -## Values to add to SONARQUBE_WEB_JVM_OPTS -## -# jvmOpts: "-Djava.net.preferIPv4Stack=true" -jvmOpts: "" - -## Environment variables to attach to the pods -## -# env: -# - name: VARIABLE -# value: my-value - -# Set annotations for pods -annotations: {} - -resources: {} -# We usually recommend not to specify default resources and to leave this as a conscious -# choice for the user. This also increases chances charts run on environments with little -# resources, such as Minikube. If you do want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi -persistence: - enabled: false - ## Set annotations on pvc - annotations: {} - - ## Specify an existing volume claim instead of creating a new one. - ## When using this option all following options like storageClass, accessMode and size are ignored. - # existingClaim: - - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - storageClass: - accessMode: ReadWriteOnce - size: 10Gi - - ## Specify extra volumes. Refer to ".spec.volumes" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/ - volumes: [] - ## Specify extra mounts. Refer to ".spec.containers.volumeMounts" specification : https://kubernetes.io/fr/docs/concepts/storage/volumes/ - mounts: [] - -# In case you want to specify different resources for emptyDir than {} -emptyDir: {} - # Example of resouces that might be used: - # medium: Memory - # sizeLimit: 16Mi - -# A custom sonar.properties file can be provided via dictionary. -# For example: -sonarProperties: - sonar.forceAuthentication: true -# SAML SSO config -# sonar.auth.saml.enabled: false -# sonar.core.serverBaseURL: https://sonarqube.bigbang.dev -# sonar.auth.saml.applicationId: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube -# sonar.auth.saml.providerName: P1 SSO -# sonar.auth.saml.providerId: https://login.dsop.io/auth/realms/baby-yoda -# sonar.auth.saml.loginUrl: https://login.dsop.io/auth/realms/baby-yoda/protocol/saml -# sonar.auth.saml.certificate.secured: MITCAYCBFyIEUjNBkqhkiG9w0BA.... -# sonar.auth.saml.user.login: login -# sonar.auth.saml.user.name: name -# sonar.auth.saml.user.email: email -# sonar.auth.saml.group.name: group - -# Additional sonar properties to load from a secret with a key "secret.properties" (must be a string) -# sonarSecretProperties: - -# Kubernetes secret that contains the encryption key for the sonarqube instance. -# The secret must contain the key 'sonar-secret.txt'. -# The 'sonar.secretKeyPath' property will be set automatically. -# sonarSecretKey: "settings-encryption-secret" - -## JDBC Database Type; by default postgresql. To use a different Database type, adjust -jdbcDatabaseType: postgresql - -## Override JDBC URL -# jdbcUrlOverride: "jdbc:postgresql://myPostgress/myDatabase;socketTimeout=1500" - -## Configuration values for postgresql dependency -## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md -postgresql: - # Enable to deploy the PostgreSQL chart - enabled: true - # To use an external PostgreSQL instance, set enabled to false and uncomment - # the line below: - # postgresqlServer: "" - # To use an external secret for the password for an external PostgreSQL - # instance, set enabled to false and provide the name of the secret on the - # line below: - # existingSecret: "" - postgresqlUsername: "sonarUser" - postgresqlPassword: "sonarPass" - postgresqlDatabase: "sonarDB" - # Specify the TCP port that PostgreSQL should use - service: - port: 5432 - resources: - limits: - cpu: 2 - memory: 2Gi - requests: - cpu: 100m - memory: 200Mi - persistence: - enabled: true - accessMode: ReadWriteOnce - size: 20Gi - storageClass: - securityContext: - # For standard Kubernetes deployment, set enabled=true - # If using OpenShift, enabled=false for restricted SCC and enabled=true for anyuid/nonroot SCC - enabled: true - # fsGroup and runAsUser specifications below are not applied if enabled=false. enabled=false is the required setting for OpenShift "restricted SCC" to work successfully. - # postgresql dockerfile sets user as 1001 - fsGroup: 1001 - runAsUser: 1001 - volumePermissions: - # For standard Kubernetes deployment, set enabled=false - # For OpenShift, set enabled=true and ensure to set volumepermissions.securitycontext.runAsUser below. - enabled: false - # if using restricted SCC set runAsUser: "auto" and if running under anyuid/nonroot SCC - runAsUser needs to match runAsUser above - securityContext: - runAsUser: 0 - shmVolume: - chmod: - enabled: false - serviceAccount: - ## If enabled = true, and name is not set, postgreSQL will create a serviceAccount - enabled: false -# name: - -# Additional labels to add to the pods: -# podLabels: -# key: value -podLabels: {} -# For compatibility with 8.0 replace by "/opt/sq" -# For compatibility with 8.2, leave the default. They changed it back to /opt/sonarqube -sonarqubeFolder: /opt/sonarqube - -tests: - enabled: true - # image: bitnami/minideb-extras - -serviceAccount: - create: false - # name: - ## Annotations for the Service Account - annotations: {} - -# extraConfig is used to load Environment Variables from Secrets and ConfigMaps -# which may have been written by other tools, such as external orchestrators. -# -# These Secrets/ConfigMaps are expected to contain Key/Value pairs, such as: -# -# apiVersion: v1 -# kind: ConfigMap -# metadata: -# name: external-sonarqube-opts -# data: -# SONARQUBE_JDBC_USERNAME: foo -# SONARQUBE_JDBC_URL: jdbc:postgresql://db.example.com:5432/sonar -# -# These vars can then be injected into the environment by uncommenting the following: -# -# extraConfig: -# configmaps: -# - external-sonarqube-opts - -extraConfig: - secrets: [] - configmaps: [] - -# account: -# adminPassword: admin -# currentAdminPassword: admin -# curlContainerImage: curlimages/curl:latest - -terminationGracePeriodSeconds: 60 - -# Big Bang Additions -hostname: bigbang.dev istio: enabled: true -monitoring: - enabled: false