Squashed 'cluster-config/' content from commit 654f2390

git-subtree-dir: cluster-config
git-subtree-split: 654f23903bd1f9a27a4810bd289d165b6cfdbb0c
This commit is contained in:
2025-03-30 15:46:16 -05:00
commit fe564d7227
346 changed files with 11754 additions and 0 deletions

View File

@@ -0,0 +1,33 @@
apiVersion: batch/v1
kind: Job
metadata:
name: configure-sonarqube
spec:
template:
spec:
containers:
- image: registry.access.redhat.com/ubi8/ubi:8.3
command:
- /bin/bash
- -c
- |
curl -H 'Cache-Control: no-cache' -o /tmp/sonarqube-plugins -s ${SCRIPT_URL};
chmod +x /tmp/sonarqube-plugins;
/tmp/sonarqube-plugins
imagePullPolicy: Always
name: configure-sonarqube
env:
- name: SONARQUBE_PLUGINS
value: "java,javascript,dependencycheck,jacoco,pmd,scmgit"
- name: SONARQUBE_PASSWORD
valueFrom:
secretKeyRef:
name: sonarqube-admin
key: password
- name: SCRIPT_URL
value: "https://raw.githubusercontent.com/gnunn-gitops/cluster-config/main/components/dev-tools/scripts/sonarqube-config"
dnsPolicy: ClusterFirst
restartPolicy: OnFailure
serviceAccount: default
serviceAccountName: default
terminationGracePeriodSeconds: 30

View File

@@ -0,0 +1,48 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: dev-tools
bases:
# Nexus
- https://github.com/redhat-cop/gitops-catalog/nexus2/base
# Sonarqube
- sonarqube-admin-secret.yaml
- https://github.com/redhat-cop/gitops-catalog/sonarqube8/base
- configure-sonarqube-job.yaml
resources:
- namespace.yaml
patches:
- patch: |-
- op: replace
path: /spec/template/spec/containers/0/image
value: sonarqube:lts-community
target:
kind: Deployment
name: sonarqube
- patch: |-
- op: add
path: /spec/template/spec/containers/0/env
value:
- name: SONAR_JDBC_PASSWORD
value: kHPdpIYtdtGXeStv
- name: SONAR_JDBC_URL
value: 'jdbc:postgresql://postgresql-sonarqube/sonar'
- name: SONAR_JDBC_USERNAME
value: sonar
- name: SONAR_TELEMETRY_ENABLE
value: 'false'
- name: SONAR_PLUGINS_RISK_CONSENT
value: ACCEPTED
target:
kind: Deployment
name: sonarqube
- patch: |-
- op: add
path: /spec/tls
value:
termination: edge
target:
kind: Route

View File

@@ -0,0 +1,7 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
openshift.io/description: Project for development tools like nexus and sonarqube
openshift.io/display-name: Development Tools
name: dev-tools

View File

@@ -0,0 +1,15 @@
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: sonarqube-admin
namespace: dev-tools
spec:
secretStoreRef:
kind: ClusterSecretStore
name: doppler-cluster
target:
name: sonarqube-admin
data:
- secretKey: password
remoteRef:
key: SONARQUBE_ADMIN_PASSWORD

View File

@@ -0,0 +1,27 @@
SONARQUBE_HOST=sonarqube:9000
echo "Waiting for sonarqube to be ready..."
until [ "$(curl --silent --show-error --connect-timeout 1 http://${SONARQUBE_HOST}/api/system/status | grep 'UP')" ];
do
sleep 5
done
echo "SonarQube reporting UP. Wait 5 seconds to be sure."
sleep 5
echo "Updating admin password on host ${SONARQUBE_HOST}"
curl -u admin:admin -X POST "http://${SONARQUBE_HOST}/api/users/change_password?login=admin&previousPassword=admin&password=${SONARQUBE_PASSWORD}"
echo "Disabling force authentication for demo purposes"
curl -u admin:${SONARQUBE_PASSWORD} --request POST "http://sonarqube:9000/api/settings/set?key=sonar.forceAuthentication&value=false"
echo "Installing plugins ${SONARQUBE_PLUGINS} on server ${SONARQUBE_HOST}"
for i in ${SONARQUBE_PLUGINS//,/ }
do
echo "Installing $i"
curl -u admin:${SONARQUBE_PASSWORD} --data "key=$i" http://${SONARQUBE_HOST}/api/plugins/install
done
echo "Restarting server ${SONARQUBE_HOST} ..."
curl -u admin:${SONARQUBE_PASSWORD} -X POST http://${SONARQUBE_HOST}/api/system/restart