Expose SonarQube related metrics to Prometheus without passing authentication

Hi,

We are using SonarQube 7.9.6, which is hosted on a Kubernetes platform.
We are trying to expose SonarQube app related metrics to Prometheus and are facing some difficulties.
Here, it is worth noting that:

  • We have enabled force user authentication on the SonarQube side (Administration > General Settings > Security).
  • We have a centralised team managing Prometheus centrally across the organization, and currently it is not feasible to add auth/token to the Prometheus server.

We have tried to configure SonarQube Prometheus Exporter in our setup and observed that we are getting a 401 error when we try to access the path on which the metrics are defined to be exposed. It is quite obvious that we get a 401 error, as we have enabled user authentication and we are not passing authentication to Prometheus.
In short, Prometheus is not able to authenticate to SonarQube and so is not able to fetch metrics.

We have the queries below and request your help in solving them if you have information about them:

  • Is there any way to expose SonarQube application related metrics to Prometheus without any authentication?
  • Is it possible to have a sidecar container from where we can expose metrics on another port (other than the main port on which Sonar is exposed), which in turn exposes metrics to Prometheus without any authentication?
  • Are you familiar with a better/alternative approach to our use case?

Hello @jariwala ,

No, if you enforce authentication there is no other way to expose metrics without authentication; otherwise this would be a security concern :sweat_smile:
Speaking of security concerns, your SonarQube version is EOL and you should update to the current LTS (8.9) or the latest release (9.0) in order to stay safe.

With the current LTS we also included support for running SonarQube on Kubernetes using our Helm charts, where we expose metrics for monitoring purposes to a Prometheus endpoint. These metrics are not the same as the Prometheus exporter you referenced. If you are looking for something on that level, you will probably need to implement it yourself.

hope that clarifies things
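
A sketch of the "implement it yourself" route for the sidecar idea raised in the question, added here as an example and not code from either poster or from SonarSource: the sidecar keeps the SonarQube token, calls the authenticated Web API (`/api/measures/component`), and re-serves only numeric measures in Prometheus text format on its own port. The environment variable names, project key, metric list and port 9101 are assumptions.

```python
# Added example: sidecar-style exporter; names and port below are assumptions.
import base64, json, os, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SONAR_URL = os.environ.get("SONAR_URL", "http://localhost:9000")
SONAR_TOKEN = os.environ.get("SONAR_TOKEN", "")  # mount from a Kubernetes Secret
PROJECT = os.environ.get("SONAR_PROJECT", "my-project")  # hypothetical key
METRICS = "bugs,vulnerabilities,code_smells,coverage"

def fetch_measures():
    """Call SonarQube's Web API with the token as the basic-auth username."""
    query = urllib.parse.urlencode({"component": PROJECT, "metricKeys": METRICS})
    req = urllib.request.Request(f"{SONAR_URL}/api/measures/component?{query}")
    cred = base64.b64encode(f"{SONAR_TOKEN}:".encode()).decode()
    req.add_header("Authorization", f"Basic {cred}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def to_prometheus(payload):
    """Render numeric measures as Prometheus text exposition lines."""
    comp = payload["component"]
    label = comp["key"].replace("\\", "\\\\").replace('"', '\\"')
    lines = []
    for m in sorted(comp.get("measures", []), key=lambda m: m["metric"]):
        try:
            value = float(m["value"])
        except (KeyError, ValueError):
            continue  # skip missing or non-numeric values such as "OK"
        lines.append(f'sonarqube_{m["metric"]}{{project="{label}"}} {value}')
    return "".join(line + "\n" for line in lines)

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != "/metrics":
            self.send_error(404)
            return
        try:
            body = to_prometheus(fetch_measures()).encode()
        except Exception:
            self.send_error(502)  # never echo upstream errors or the token
            return
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; version=0.0.4")
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 9101), Handler).serve_forever()
```

The `/metrics` port is unauthenticated by design, so give the token read-only scope, export only the measures you are willing to disclose, and limit access to the port to the Prometheus scraper (for example with a Kubernetes NetworkPolicy).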

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.