CACerts build blocked in Kubernetes Helm Chart

CA-certs volume is empty:

  • 8.9-community
  • Silent fail with no errors, but java debug showed that truststore has no cacerts
  • Kubernetes deployment. Take deploymentType: "StatefulSet" and locate your certificates in k8s secrets as per documentation. My certs were used for LDAPS.
  • Fix sonarqube-sts.yaml:
    Line 64: {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
    Should go to Line 88.
    Otherwise it blocks ca-certs initContainer.

I could be missing something, but it is also important to mention somewhere in this documentation page that persistence is a requirement for custom certificates in a k8s deployment.

Last thing. I noticed that ca-certs initContainer creates a password "-storepass changeit". Not sure if it is built in sonarqube container. I just provided jvmOpts: "-Djavax.net.ssl.trustStorePassword=changeit" in my values.yaml.

Thank you.

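A regression check for the report above, as an added example that is not part of the original posts or of the SonarQube chart: it reads rendered manifest text (in practice the output of `helm template` with `initSysctl.enabled` and `elasticsearch.configureNode` both false) and verifies that the `ca-certs` initContainer is still there. The manifests below are constructed samples, and the function names and the `sonarqube` container name are assumptions.

```shell
#!/bin/sh
# Added example, not chart code. Lists the initContainers found in a
# rendered manifest read from stdin.
init_container_names() {
  awk '
    function col(s) { match(s, /[^ ]/); return RSTART }
    /^ *initContainers: *$/ { key = col($0); item = 0; inblk = 1; next }
    inblk && /^ *$/ { next }
    inblk {
      c = col($0); isitem = ($0 ~ /^ *- /)
      # A shallower line, or a non-list key at the same depth, ends the block.
      if (c < key || (c == key && !isitem)) { inblk = 0; next }
      if (isitem && item == 0) item = c        # depth of the container list
      line = $0; kc = c
      if (isitem && c == item) { sub(/^ *- /, "", line); kc = item + 2 } else sub(/^ */, "", line)
      # Only "name:" keys directly on a container entry count.
      if (kc == item + 2 && line ~ /^name: /) {
        sub(/^name: */, "", line); gsub(/"/, "", line); print line
      }
    }'
}

# Succeeds only if a ca-certs initContainer is present in the manifest on stdin.
has_ca_certs_init() { init_container_names | grep -qx 'ca-certs'; }

# Constructed sample modelling a render where the guard is false before the
# fix: no ca-certs initContainer, so the truststore is never populated.
RENDERED_BEFORE='    spec:
      containers:
        - name: sonarqube'

# Constructed sample: same values once the guard no longer wraps ca-certs.
RENDERED_AFTER='    spec:
      initContainers:
        - name: ca-certs
          volumeMounts:
            - name: ca-certs
              mountPath: /placeholder
      containers:
        - name: sonarqube'

for sample in "$RENDERED_BEFORE" "$RENDERED_AFTER"; do
  if printf '%s\n' "$sample" | has_ca_certs_init; then
    echo "ok: ca-certs initContainer rendered"
  else
    echo "FAIL: ca-certs initContainer missing"
  fi
done
```

Because the original failure was silent, a check like this belongs in chart CI for every combination of the guard values, not only the defaults.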

Hi @konstantin ,

good catch :+1: this has probably not been caught in testing as the initSysctl.enabled value is true by default. i have addressed your finding in this PR.

regarding the trust store password; changeit is the default by java as far as i know, so we are just using it here to fill the truststore with new certificates.


Hi @Tobias_Trabelsi ,

Thanks a lot! :+1:
