From ff7d5dcb207c084d8da0962b8c04b0655f0e9163 Mon Sep 17 00:00:00 2001 From: Jaydee94 Date: Wed, 27 Aug 2025 14:43:59 +0200 Subject: [PATCH 1/2] feat: allow extraVolumeMounts and additional curl options for plugin-install This Commit introduces two new helm values for configuring extraVolumeMounts and additonal curl options for the install-plugins initContainer. The values can be used to mount additonal CABundles into the install-plugins container. With curlOpts the mounted CABundle can be used in the shell script that invokes curl to download the plugins. For example: plugins.curlOpts: "--cacert=/certs/myCABundle.crt" plugins.extraVolumeMounts: - mountPath: /certs/myCABundle.crt subPath: myCABundle.crt name: my-ca-bundle --- charts/sonarqube/README.md | 2 ++ charts/sonarqube/templates/_pod.tpl | 3 +++ charts/sonarqube/templates/install-plugins.yaml | 2 +- charts/sonarqube/values.yaml | 4 ++++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/charts/sonarqube/README.md b/charts/sonarqube/README.md index 311f900e9..8fb29b5ec 100644 --- a/charts/sonarqube/README.md +++ b/charts/sonarqube/README.md @@ -457,6 +457,8 @@ The following table lists the configurable parameters of the SonarQube chart and | `plugins.netrcCreds` | Name of the secret containing .netrc file to use creds when downloading plugins | `""` | | `plugins.noCheckCertificate` | Flag to not check server's certificate when downloading plugins | `false` | | `plugins.securityContext` | Security context for the container to download plugins | [Restricted podSecurityStandard](#kubernetes---pod-security-standards) | +| `plugins.extraVolumeMounts` | Additional volumeMounts for the install-plugins initContainer | `{}` | +| `plugins.curlOpts` | Additional options for the install-plugins `curl` command | `""` | ### SonarQube Specific diff --git a/charts/sonarqube/templates/_pod.tpl b/charts/sonarqube/templates/_pod.tpl index c9f51e9af..8155406e4 100644 --- a/charts/sonarqube/templates/_pod.tpl +++ b/charts/sonarqube/templates/_pod.tpl @@ -214,6 +214,9 @@ spec: - name: plugins-netrc-file mountPath: /root {{- end }} + {{- with .Values.plugins.extraVolumeMounts }} + {{- toYaml . | nindent 8 }} + {{- end }} env: {{- with (include "sonarqube.install-plugins-proxy.env" .) }} {{- . | nindent 8 }} diff --git a/charts/sonarqube/templates/install-plugins.yaml b/charts/sonarqube/templates/install-plugins.yaml index 99300fb5a..fbaf5b294 100644 --- a/charts/sonarqube/templates/install-plugins.yaml +++ b/charts/sonarqube/templates/install-plugins.yaml @@ -9,6 +9,6 @@ data: rm -f {{ .Values.sonarqubeFolder }}/extensions/plugins/* cd {{ .Values.sonarqubeFolder }}/extensions/plugins {{- range $index, $val := .Values.plugins.install }} - curl {{ if $.Values.plugins.noCheckCertificate }}--insecure{{ end }} {{ if $.Values.plugins.netrcCreds }}--netrc-file /root/.netrc{{ end }} -fsSLO {{ $val | quote }} + curl {{ if $.Values.plugins.noCheckCertificate }}--insecure{{ end }} {{ if $.Values.plugins.netrcCreds }}--netrc-file /root/.netrc{{ end }} {{ if $.Values.plugins.curlOpts }}{{$.Values.plugins.curlOpts}}{{ end }} -fsSLO {{ $val | quote }} {{- end }} {{- end }} diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml index dd9c42e08..c8366998a 100644 --- a/charts/sonarqube/values.yaml +++ b/charts/sonarqube/values.yaml @@ -421,6 +421,10 @@ plugins: noCheckCertificate: false # Reuse default initcontainers.securityContext that match restricted pod security standard # securityContext: {} + # Additional volumeMounts for the install-plugins initContainer + # extraVolumeMounts: {} + # Additional options for the install-plugins curl command + # curlOpts: "" ## (DEPRECATED) The following value sets SONAR_WEB_JAVAOPTS (e.g., jvmOpts: "-Djava.net.preferIPv4Stack=true"). However, this is deprecated, please set SONAR_WEB_JAVAOPTS or sonar.web.javaOpts directly instead. jvmOpts: "" From 699c111f34064e4fcd3c661c010b4320bd8575ef Mon Sep 17 00:00:00 2001 From: Jaydee94 Date: Wed, 27 Aug 2025 15:00:34 +0200 Subject: [PATCH 2/2] chore: Bump chart version and document change in Changelog --- charts/sonarqube/CHANGELOG.md | 4 ++++ charts/sonarqube/Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md index 595d59390..1d745b84c 100644 --- a/charts/sonarqube/CHANGELOG.md +++ b/charts/sonarqube/CHANGELOG.md @@ -1,6 +1,10 @@ # SonarQube Chart Changelog All changes to this chart will be documented in this file. +## [2025.6.0] +* Update Chart's version to 2025.6.0 +* Allow extraVolumeMounts and additional curl options for install-plugins initContainer + ## [2025.5.0] * Update Chart's version to 2025.5.0 * Update the image repository and readinessProbe used by postgresql after they migrated to a legacy repository diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml index 2444d70d2..39e37e060 100644 --- a/charts/sonarqube/Chart.yaml +++ b/charts/sonarqube/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: sonarqube description: SonarQube is a self-managed, automatic code review tool that systematically helps you deliver clean code. As a core element of our Sonar solution, SonarQube integrates into your existing workflow and detects issues in your code to help you perform continuous code inspections of your projects. The tool analyses 30+ different programming languages and integrates into your CI pipeline and DevOps platform to ensure that your code meets high-quality standards. type: application -version: 2025.5.0 +version: 2025.6.0 appVersion: 2025.4.0 keywords: - coverage