CACerts build blocked in Kubernetes Helm Chart

CA-certs volume is empty:

  • 8.9-community
  • Silent fail with no errors, but java debug showed that trustore has no cacerts
  • Kubernetes deployment. Take deploymentType: “StatefulSet” and locate your certificates in k8s secrets as per documentation. My certs were used for LDAPS.
  • Fix sonarqube-sts.yaml:
    Line 64: {{- if or .Values.initSysctl.enabled .Values.elasticsearch.configureNode }}
    Should go to Line 88.
    Otherwise it blocks ca-certs initContainer.

I could miss something but it is also important to mention somewhere in this documentation page that persistency is a requirement for custom certificates in k8s deployment.

Last thing. I noticed that ca-certs initContainer creates a password “-storepass changeit”. Not sure if it is built in sonarqube container. I just provided jvmOpts: “” in my values.yaml.

Thank you.

1 Like

Hi @konstantin ,

good catch :+1: this has probably not been catched in testing as the initSysctl.enabled value is true by default. i have addressed your finding in this PR.

regarding the trust store password; changeit is the default by java as far as i know, so we are just using it here to fill the truststore with new certificates.

1 Like

Hi @Tobias_Trabelsi ,

Thanks a lot! :+1:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.