Configure Settings Encryption for SonarQube using Helm Chart

Hi team,

We want to deploy SonarQube on Kubernetes with settings encryption, so the goal is to remove clear passwords from settings (database or SCM credentials for instance). We have deployed the server without encryption which is up and running. But when configuring the generated secret key to the value.yml, we are getting persistent volume claim errors which leads the pod to a pending state. So can anyone explain where we made the mistake?

NAME READY STATUS RESTARTS AGE

sonarqube-postgresql-0 1/1 Running 0 2h
sonarqube-sonarqube-0  0/1 Pending 0 2h

value.yaml file:

Secret created:

Interested in hearing how this is done. Thanks!

Hello @bijin.benny and welcome to the community!

I’m not sure if this is the cause of your error, but I think there is some confusions between sonarSecretProperties and sonarSecretKey, which are two different entities:

  • You can load additional secret properties with the property sonarSecretProperties
  • You can set the encryption with sonarSecretKey

In your case, since you want to set the encryption, you should only use sonarSecretKey property, and the key in the secret should be sonar-secret.txt (and not sonar-secret as per your screenshot).

Here is an example of a command to generate the secret from a file:
kubectl create secret generic my-secret --from-file=sonar-secret.txt

You can refer to this SonarQube to implement this