Facing an issue with starting up Sonarqube using SonarSource helm chart

I’m trying to deploy Sonarqube Enterprise version on a Kubernetes cluster using SonarSource’s helm chart, but the application container fails to start up and throws the following error -

Type     Reason  Age                       From     Message
  ----     ------  ----                      ----     -------
  Warning  Failed  34m (x35129 over 5d7h)    kubelet  Error: secret "sonarqube-sonarqube" not found

Here is my values.yaml

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: sonarqube
  namespace: sonarqube
spec:
  chart:
    spec:
      version: "4.0.2"
      sourceRef:
        kind: HelmRepository
        name: sonarsource
        namespace: sonarqube
  values:
    edition: enterprise
    image:
      repository: sonarqube
      tag: 9.0.1-enterprise
    ingress:
      enabled: false
      hosts:
        - name: "hostname"
    readinessProbe:
      # If an ingress *path* other than the root (/) is defined, it should be reflected here
      # A trailing "/" must be included
      sonarWebContext: /sonar/
    livenessProbe:
      sonarWebContext: /sonar/
    postgresql: 
      # Using external postgres db 
      enabled: false
      postgresqlServer: "postgres-server-name"
      # Usinig external secret 
      # line below: 
      existingSecret: "sonar-postgres-password"
      postgresqlUsername: "sonar"
      postgresqlDatabase: "sonar"

I don’t know what’s the origin of that error. Is there a config property that I need to set in order to not require sonar-sonarqube secret? I used to use Oteemo’s sonarqube helm chart, and never faced this issue. Does anyone know how to resolve this?

1 Like

Hi @mjhumkhawala and welcome to the community!

I’m not sure about the expected result of the helm chart configuration:

You are configuring the PostgreSQL section:

    postgresql: 
      # Using external postgres db 
      enabled: false
      postgresqlServer: "postgres-server-name"
      # Usinig external secret 
      # line below: 
      existingSecret: "sonar-postgres-password"
      postgresqlUsername: "sonar"
      postgresqlDatabase: "sonar"

Yet the postgresql.enabled flag is set to false, so it will never be created.

Do you expect to connect to an external database or connect to the embedded PostgreSQL database?

In case of external database, you need to specify jdbcOverwrite section in your values

1 Like

Hi,

The pod logs showed that the container failed to start up with CreateContainerConfigError, which means the container is waiting for a missing ConfigMap or Secret. So I created a dummy Secret called secret.yaml -

apiVersion: v1
kind: Secret
metadata:
 name: sonarqube-sonarqube
 namespace: sonarqube
type: Opaque
stringData:
 DB_USER: "userName"
 DB_PASSWORD: "password"

and applied it, and restarted the pods. This time the error was -

Warning  Failed     4s (x5 over 35s)  kubelet            Error: couldn't find key jdbc-password in Secret sonarqube/sonarqube-sonarqube

I updated my values.yaml and added jdbcOverwrite section

apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: sonarqube
  namespace: sonarqube
spec:
  chart:
    spec:
      version: "4.0.2"
      sourceRef:
        kind: HelmRepository
        name: sonarsource
        namespace: sonarqube
  values:
    edition: enterprise
    image:
      repository: sonarqube
      tag: 9.0.1-enterprise
    ingress:
      enabled: false
      hosts:
        - name: "hostname"
    readinessProbe:
      # If an ingress *path* other than the root (/) is defined, it should be reflected here
      # A trailing "/" must be included
      sonarWebContext: /sonar/
    livenessProbe:
      sonarWebContext: /sonar/
    jdbcOverwrite:
      enabled: true
      jdbcUrl: jdbc:postgresql://rdsEndpoint:portNumber/dbNameIsSonar?socketTimeout=150
      jdbcUsername: sonar
      jdbcSecretName: sonar-postgres-password   #Using k8s secret instead of password in plaintext
    postgresql: 
      # Using external postgres db 
      enabled: false
      postgresqlServer: "postgres-server-name"
      # Usinig external secret 
      # line below: 
      existingSecret: "sonar-postgres-password"
      postgresqlUsername: "sonar"
      postgresqlDatabase: "sonar"

This did not resolve the issue. I don’t understand why is Sonarqube looking for a k8s secret with jdbc username and password during container start up?

1 Like

Hi @mjhumkhawala ,

the error you are facing originates from the secret you created. it is expected that it holds information about the JDBC password from a specific key. Per default that key would be jdbc-password but it can be configured to be something different with jdbcOverwrite.jdbcSecretPasswordKey as stated in the README.

assuming your secret looks like the one you posted, a valid configuration would look like this:

    jdbcOverwrite:
      enabled: true
      jdbcUrl: jdbc:postgresql://rdsEndpoint:portNumber/dbNameIsSonar?socketTimeout=150
      jdbcUsername: sonar
      jdbcSecretName: sonarqube-sonarqube 
      jdbcSecretPasswordKey: DB_PASSWORD

hope that helps :slight_smile:

2 Likes