We want to deploy SonarQube on Kubernetes with settings encryption, so the goal is to remove clear passwords from settings (database or SCM credentials for instance). We have deployed the server without encryption which is up and running. But when configuring the generated secret key to the value.yml, we are getting persistent volume claim errors which leads the pod to a pending state. So can anyone explain where we made the mistake?
NAME READY STATUS RESTARTS AGE
sonarqube-postgresql-0 1/1 Running 0 2h
sonarqube-sonarqube-0 0/1 Pending 0 2h
Interested in hearing how this is done. Thanks!
Hello @bijin.benny and welcome to the community!
I’m not sure if this is the cause of your error, but I think there is some confusions between
sonarSecretKey, which are two different entities:
- You can load additional secret properties with the property
- You can set the encryption with
In your case, since you want to set the encryption, you should only use
sonarSecretKey property, and the key in the secret should be
sonar-secret.txt (and not
sonar-secret as per your screenshot).
Here is an example of a command to generate the secret from a file:
kubectl create secret generic my-secret --from-file=sonar-secret.txt
You can refer to this SonarQube to implement this