From 3decb730f7f3cfe14d86fdcd3862b7c9e8a155f0 Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Tue, 16 Mar 2021 19:02:51 +0000
Subject: [PATCH 01/12] Added plugins to container and pushed to gitlab as well as initContainers
---
 Dockerfile | 10 +++++++++
 chart/templates/tests/sonarqube-test.yaml | 2 +-
 chart/values.yaml | 25 ++++++++++++-----------
 3 files changed, 24 insertions(+), 13 deletions(-)
 create mode 100644 Dockerfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1be2201
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,10 @@
+# Start with the IronBank Image
+FROM registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community:8.6-community
+# Add needed Plugins
+ADD https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar /opt/sonarqube/extensions/plugins/
+USER root
+RUN chown -R sonarqube:sonarqube /opt/sonarqube/extensions/plugins
+USER sonarqube
diff --git a/chart/templates/tests/sonarqube-test.yaml b/chart/templates/tests/sonarqube-test.yaml
index 9ecef43..88ab21d 100644
--- a/chart/templates/tests/sonarqube-test.yaml
+++ b/chart/templates/tests/sonarqube-test.yaml
@@ -13,7 +13,7 @@ metadata:
 spec:
 initContainers:
 - name: "bats"
- image: "bats/bats:1.2.1"
+ image: "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/bats:1.2.1"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 command: ["bash", "-c"]
 args:
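Review bot: In the new Dockerfile of PATCH 01/12, the four `ADD https://…` lines fetch plugin jars from GitHub release URLs at build time with no integrity check, so whatever those URLs serve on the day of the build is baked into the image that the chart then pulls from registry.dso.mil; one of them is a `SNAPSHOT` build. Record a SHA-256 for each jar and verify it during the build, e.g. `ADD --checksum=sha256:<digest-of-jar> https://…/sonar-dependency-check-plugin-1.2.6.jar /opt/sonarqube/extensions/plugins/` on a BuildKit builder, or fetch in a `RUN` step that compares the digest before copying. `ADD --chown=sonarqube:sonarqube …` would also set ownership directly and make the `USER root` / `RUN chown -R` / `USER sonarqube` sequence unnecessary. The two `ADD` lines added in PATCH 07/12 have the same gap. Pinning the `FROM` image by digest instead of the `8.6-community` tag would make the base equally reproducible.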
diff --git a/chart/values.yaml b/chart/values.yaml
index 7f0a2b8..95491b6 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -19,9 +19,10 @@ OpenShift:
 createSCC: true
 image:
- repository: registry1.dso.mil/ironbank/sonarsource/sonarqube/sonarqube8-community
- tag: 8.6-community
- pullPolicy: IfNotPresent
+ repository: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/sonarqube8-community-bb
+ tag: 8.6-community-bb
+ #pullPolicy: IfNotPresent
+ pullPolicy: Always
 # If using a private repository, the name of the imagePullSecret to use
 pullSecret: []
@@ -115,7 +116,7 @@ livenessProbe:
 # sonar.web.context: /sonarqube
 initContainers:
- # image: busybox:1.32
+ image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
 # We allow the init containers to have a separate security context declaration because
 # the initContainer may not require the same as SonarQube.
 # securityContext: {}
@@ -136,7 +137,7 @@ initSysctl:
 fsFileMax: 131072
 nofile: 131072
 nproc: 8192
- # image: busybox:1.32
+ image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
 securityContext:
 privileged: true
 # resources: {}
@@ -148,11 +149,11 @@ initSysctl:
 # - "https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar"
 # - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar"
 plugins:
- install:
- - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar
- - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar
- - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar
- - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar
+# install:
+# - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar
+# - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar
+# - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar
+# - https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar
 lib: []
 # For use behind a corporate proxy when downloading plugins
@@ -160,7 +161,7 @@ plugins:
 # httpsProxy: ""
 # noProxy: ""
- # image: rjkernick/alpine-wget:latest
+ image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest
 # resources: {}
 # .netrc secret file with a key "netrc" to use basic auth while downloading plugins
@@ -315,7 +316,7 @@ sonarqubeFolder: /opt/sonarqube
 tests:
 enabled: true
- # image: bitnami/minideb-extras
+ image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest
 serviceAccount:
 create: false
-- GitLab
From 661546e0754d158120461fcbdeeb74419e4a6729 Mon Sep 17 00:00:00 2001
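Review bot: In the `plugins` and `tests` hunks of PATCH 01/12, `image:` is set to `…/alpine-wget:latest` and `…/minideb-extras:latest`, which are mutable tags, while the containers that use them take `imagePullPolicy` from `image.pullPolicy` (back to `IfNotPresent` in PATCH 02/12). A node that already cached an older `latest` keeps running it, and a re-push to the registry changes what new nodes run without any change to the chart. Pin both to a version tag or, better, a digest (`image: <registry-path>/alpine-wget@sha256:<digest>`), as the `busybox:1.32` lines already do with a version. PATCH 12/12 moves the same `:latest` references into the `default` expressions of `deployment.yaml` and `sonarqube-test.yaml`, so the pin is needed there as well.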
From: "branden.cobb"
Date: Tue, 16 Mar 2021 19:14:16 +0000
Subject: [PATCH 02/12] switching pull policy back
---
 chart/values.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 95491b6..a6e48b1 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -21,8 +21,7 @@ OpenShift:
 image:
 repository: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/sonarqube8-community-bb
 tag: 8.6-community-bb
- #pullPolicy: IfNotPresent
- pullPolicy: Always
+ pullPolicy: IfNotPresent
 # If using a private repository, the name of the imagePullSecret to use
 pullSecret: []
-- GitLab
From c9e9621406239930ff4f4f927af9407c9363c41d Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Tue, 16 Mar 2021 19:22:57 +0000
Subject: [PATCH 03/12] chart bump
---
 chart/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index a0431d4..261b904 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 8.6-community
 name: sonarqube
 description: SonarQube is an open sourced code quality scanning tool
-version: 9.2.6-bb.2
+version: 9.2.6-bb.3
 keywords:
 - coverage
 - security
-- GitLab
From 37eb03ddf4e528579df7bbd7b8277925be5fa39e Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Tue, 16 Mar 2021 19:27:12 +0000
Subject: [PATCH 04/12] Update CHANGELOG.md
---
 CHANGELOG.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 97a78d3..a57aea2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,11 @@
 # Changelog
-## Initial Helm Chart Release - 2020-01-22
+## 9.2.6-bb.3 - 2021-03-16
+Plugins have been preinstalled into the container and made available at registry.dso.mil.
+
+InitContainers have also been pushed into registry.dso.mil until ironbank equivalents can be found.
+
+## Initial Helm Chart Release - 2021-01-22
 Added SAML sso integration
 Added istio virtual service
-- GitLab
From 30c27add2c11ed6722bbb047a7a3ac867a41b838 Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Wed, 17 Mar 2021 19:00:27 +0000
Subject: [PATCH 05/12] postgres fixes
---
 chart/requirements.yaml | 5 +++++
 tests/test-values.yml | 9 +++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 chart/requirements.yaml
diff --git a/chart/requirements.yaml b/chart/requirements.yaml
new file mode 100644
index 0000000..8eea6bb
--- /dev/null
+++ b/chart/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+ - name: postgresql
+ version: 8.6.4
+ repository: file://charts/postgresql
+ condition: postgresql.enabled
diff --git a/tests/test-values.yml b/tests/test-values.yml
index aaddc0c..b376ebc 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -3,3 +3,12 @@ image:
 istio:
 enabled: true
+
+postgresql:
+ enabled: false
+ postgresqlServer: "postgres-postgresql-headless.postgres.svc.cluster.local"
+ postgresqlUsername: "sonarqube"
+ postgresqlPassword: "sonarqube"
+ postgresqlDatabase: "sonarqube"
+ service:
+ port: 5432
-- GitLab
From 6e783e639f0ed0ed8e443c92f62317534ff56e38 Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Wed, 17 Mar 2021 19:04:31 +0000
Subject: [PATCH 06/12] postgres fixes
---
 tests/test-values.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/tests/test-values.yml b/tests/test-values.yml
index b376ebc..d5d2b81 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -4,11 +4,3 @@ image:
 istio:
 enabled: true
-postgresql:
- enabled: false
- postgresqlServer: "postgres-postgresql-headless.postgres.svc.cluster.local"
- postgresqlUsername: "sonarqube"
- postgresqlPassword: "sonarqube"
- postgresqlDatabase: "sonarqube"
- service:
- port: 5432
-- GitLab
From 0dd543dd6016692f1ed5e3ba9d3a991343d26d73 Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Wed, 17 Mar 2021 20:37:16 +0000
Subject: [PATCH 07/12] adding more plugins for partybus
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 1be2201..89ee7bf 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,6 +5,8 @@ ADD https://github.com/dependency-check/dependency-check-sonar-plugin/releases/d
 ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/
 ADD https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar /opt/sonarqube/extensions/plugins/
 ADD https://github.com/dmeiners88/sonarqube-prometheus-exporter/releases/download/v1.0.0-SNAPSHOT-2018-07-04/sonar-prometheus-exporter-1.0.0-SNAPSHOT.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/vaulttec/sonar-auth-oidc/releases/download/v2.0.0/sonar-auth-oidc-plugin-2.0.0.jar /opt/sonarqube/extensions/plugins/
+ADD https://github.com/OtherDevOpsGene/zap-sonar-plugin/releases/download/sonar-zap-plugin-2.0.2/sonar-zap-plugin-2.0.2.jar /opt/sonarqube/extensions/plugins/
 USER root
 RUN chown -R sonarqube:sonarqube /opt/sonarqube/extensions/plugins
 USER sonarqube
-- GitLab
From 4aab9dd282ceece7eb2fb33f87f1a526b7831b42 Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Thu, 18 Mar 2021 14:59:58 +0000
Subject: [PATCH 08/12] settings tests to false
---
 chart/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index a6e48b1..16f5722 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -314,7 +314,7 @@ podLabels: {}
 sonarqubeFolder: /opt/sonarqube
 tests:
- enabled: true
+ enabled: false
 image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest
 serviceAccount:
-- GitLab
From 4a7a7d0a2fa3191faec33ae63e60d30c12d038ff Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Thu, 18 Mar 2021 15:14:51 +0000
Subject: [PATCH 09/12] testing ubi8 over busybox
---
 chart/values.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 16f5722..897a90a 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -115,7 +115,7 @@ livenessProbe:
 # sonar.web.context: /sonarqube
 initContainers:
- image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
+ image: registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.3
 # We allow the init containers to have a separate security context declaration because
 # the initContainer may not require the same as SonarQube.
 # securityContext: {}
@@ -136,7 +136,7 @@ initSysctl:
 fsFileMax: 131072
 nofile: 131072
 nproc: 8192
- image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
+ image: registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.3
 securityContext:
 privileged: true
 # resources: {}
@@ -148,7 +148,7 @@ initSysctl:
 # - "https://github.com/AmadeusITGroup/sonar-stash/releases/download/1.3.0/sonar-stash-plugin-1.3.0.jar"
 # - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar"
 plugins:
-# install:
+ install:
 # - https://github.com/dependency-check/dependency-check-sonar-plugin/releases/download/1.2.6/sonar-dependency-check-plugin-1.2.6.jar
 # - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-c-plugin-1.3.2.1853.jar
 # - https://github.com/SonarOpenCommunity/sonar-cxx/releases/download/cxx-1.3.2/sonar-cxx-plugin-1.3.2.1853.jar
-- GitLab
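Review bot: In the `plugins` hunk of PATCH 09/12, `install:` is uncommented while every list item under it stays commented, which leaves a bare key that YAML loads as `null` rather than an empty list. The `{{- if .Values.plugins.install }}` guard visible in PATCH 12/12 treats null as false, so the init container is still skipped, but anything that ranges over or merges this value receives null instead of a list. Write `install: []` to state the intent, matching the `lib: []` entry beside it.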
From 82b1b78cbd4bdd40dc39ef2aa8fd9e64b5324a3b Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Thu, 18 Mar 2021 15:32:21 +0000
Subject: [PATCH 10/12] trying bats as ubi didn't work
---
 chart/values.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index 897a90a..c4aa76b 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -115,7 +115,7 @@ livenessProbe:
 # sonar.web.context: /sonarqube
 initContainers:
- image: registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.3
+ image: registry1.dso.mil/ironbank/opensource/bats/bats:1.2.1
 # We allow the init containers to have a separate security context declaration because
 # the initContainer may not require the same as SonarQube.
 # securityContext: {}
@@ -136,7 +136,7 @@ initSysctl:
 fsFileMax: 131072
 nofile: 131072
 nproc: 8192
- image: registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.3
+ image: registry1.dso.mil/ironbank/opensource/bats/bats:1.2.1
 securityContext:
 privileged: true
 # resources: {}
-- GitLab
From 021b3bd8cb0364c161a96912d498c3011b7335d9 Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Thu, 18 Mar 2021 15:36:46 +0000
Subject: [PATCH 11/12] bats doesn't work. switching back to busybox and disabling initSysctl. initContainer is only used to wait for DB
---
 chart/values.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/chart/values.yaml b/chart/values.yaml
index c4aa76b..b2277a9 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -115,7 +115,7 @@ livenessProbe:
 # sonar.web.context: /sonarqube
 initContainers:
- image: registry1.dso.mil/ironbank/opensource/bats/bats:1.2.1
+ image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
 # We allow the init containers to have a separate security context declaration because
 # the initContainer may not require the same as SonarQube.
 # securityContext: {}
@@ -131,12 +131,12 @@ initContainers:
 # secret: my-secret
 initSysctl:
- enabled: true
+ enabled: false
 vmMaxMapCount: 524288
 fsFileMax: 131072
 nofile: 131072
 nproc: 8192
- image: registry1.dso.mil/ironbank/opensource/bats/bats:1.2.1
+ image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
 securityContext:
 privileged: true
 # resources: {}
-- GitLab
From 867dccd3d6cdc1da8442a2b6f1be89cce9ff247a Mon Sep 17 00:00:00 2001
From: "branden.cobb"
Date: Thu, 18 Mar 2021 16:58:44 +0000
Subject: [PATCH 12/12] image mods
---
 chart/templates/deployment.yaml | 15 +++++++++------
 chart/templates/tests/sonarqube-test.yaml | 2 +-
 chart/values.yaml | 10 +++++-----
 3 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 4c68408..b465e71 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -84,7 +84,7 @@ spec:
 {{- end }}
 {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
 - name: init-sysctl
- image: {{ default "busybox:1.32" .Values.initSysctl.image }}
+ image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32" .Values.initSysctl.image }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 {{- if $securityContext := (default .Values.initContainers.securityContext .Values.initSysctl.securityContext) }}
 securityContext:
@@ -105,7 +105,7 @@ spec:
 {{- end }}
 {{- if .Values.plugins.install }}
 - name: install-plugins
- image: {{ default "rjkernick/alpine-wget:latest" .Values.plugins.image }}
+ image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest" .Values.plugins.image }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 command: ["sh",
 "-e",
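Review bot: In the `initSysctl` hunk of PATCH 11/12, setting `enabled: false` does not by itself remove the privileged init container, because the template guard shown in PATCH 12/12 is `or .Values.initSysctl.enabled .Values.elasticsearch.configureNode` and `configureNode` is still `true` until that later patch. Once both are off, the `vmMaxMapCount` and `fsFileMax` values are no longer applied by the chart, and with `bootstrapChecks: true` the nodes presumably have to carry those kernel settings already. A comment above the flag, e.g. `# disabled to avoid a privileged init container; nodes must already set vm.max_map_count and fs.file-max`, would record that requirement for the next operator.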
@@ -136,7 +136,7 @@ spec:
 {{- end }}
 {{- if and .Values.sonarProperties .Values.sonarSecretProperties }}
 - name: concat-properties
- image: {{ default "busybox:1.32" .Values.initContainers.image }}
+ image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32" .Values.initContainers.image }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 command: ["sh",
 "-c",
@@ -163,12 +163,15 @@ spec:
 {{- end }}
 {{- if .Values.postgresql.enabled }}
 - name: "wait-for-db"
- image: {{ default "busybox:1.32" .Values.initContainers.image }}
+ image: registry1.dso.mil/ironbank/opensource/postgres/postgresql96:9.6.20
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 resources:
 {{ toYaml .Values.initContainers.resources | indent 12 }}
- command: ["/bin/sh", "-c", "for i in $(seq 1 200); do nc -z -w3 {{ .Release.Name}}-postgresql 5432 && exit 0 || sleep 2; done; exit 1"]
- {{- end }}
+ command: ["/bin/sh", "-c", "until pg_isready -h {{ .Release.Name}}-postgresql -p 5432 -U {{ .Values.postgresql.postgresqlUsername }}; do sleep 2; done"]
+ {{- end }}
+ env:
+ - name: POSTGRES_HOST_AUTH_METHOD
+ value: "trust"
 {{- if .Values.priorityClassName }}
 priorityClassName: {{ .Values.priorityClassName }}
 {{- end }}
diff --git a/chart/templates/tests/sonarqube-test.yaml b/chart/templates/tests/sonarqube-test.yaml
index 88ab21d..3f5b5eb 100644
--- a/chart/templates/tests/sonarqube-test.yaml
+++ b/chart/templates/tests/sonarqube-test.yaml
@@ -25,7 +25,7 @@ spec:
 name: tools
 containers:
 - name: {{ .Release.Name }}-ui-test
- image: {{ default "bitnami/minideb-extras" .Values.tests.image }}
+ image: {{ default "registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest" .Values.tests.image }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 command: [
 "/tools/bats/bin/bats",
diff --git a/chart/values.yaml b/chart/values.yaml
index b2277a9..969404e 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
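Review bot: In the `wait-for-db` hunk of `deployment.yaml`, the added `env:` block comes after the `{{- end }}` that closes the `postgresql.enabled` guard, so it is rendered whether or not that init container is; indentation is not recoverable from this view, so check with `helm template` which object it ends up attached to in both cases. `POSTGRES_HOST_AUTH_METHOD: "trust"` is a server-side setting read by the upstream postgres image's entrypoint, which the `command:` override bypasses, and `pg_isready` does not authenticate, so the variable can be dropped rather than leaving a passwordless-auth switch in the chart. The `until` loop also has no upper bound where the old `nc` loop exited 1 after 200 tries; `i=0; until pg_isready …; do i=$((i+1)); [ $i -ge 200 ] && exit 1; sleep 2; done` keeps an unreachable database visible as a failed init container. The image is now hard-coded, so unlike the other init containers it can no longer be overridden through values.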
@@ -37,7 +37,7 @@ containerSecurityContext:
 # Settings to configure elasticsearch host requirements
 elasticsearch:
 # DEPRECATED: Use initSysctl.enabled instead
- configureNode: true
+ configureNode: false
 bootstrapChecks: true
 service:
@@ -115,7 +115,7 @@ livenessProbe:
 # sonar.web.context: /sonarqube
 initContainers:
- image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
+ # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
 # We allow the init containers to have a separate security context declaration because
 # the initContainer may not require the same as SonarQube.
 # securityContext: {}
@@ -136,7 +136,7 @@ initSysctl:
 fsFileMax: 131072
 nofile: 131072
 nproc: 8192
- image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
+ # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/busybox:1.32
 securityContext:
 privileged: true
 # resources: {}
@@ -160,7 +160,7 @@ plugins:
 # httpsProxy: ""
 # noProxy: ""
- image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest
+ # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/alpine-wget:latest
 # resources: {}
 # .netrc secret file with a key "netrc" to use basic auth while downloading plugins
@@ -315,7 +315,7 @@ sonarqubeFolder: /opt/sonarqube
 tests:
 enabled: false
- image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest
+ # image: registry.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/minideb-extras:latest
 serviceAccount:
 create: false
-- GitLab