I’m trying to deploy Sonarqube Enterprise version on a Kubernetes cluster using SonarSource’s helm chart, but the application container fails to start up and throws the following error -
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Failed 34m (x35129 over 5d7h) kubelet Error: secret "sonarqube-sonarqube" not found
Here is my values.yaml
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: sonarqube
namespace: sonarqube
spec:
chart:
spec:
version: "4.0.2"
sourceRef:
kind: HelmRepository
name: sonarsource
namespace: sonarqube
values:
edition: enterprise
image:
repository: sonarqube
tag: 9.0.1-enterprise
ingress:
enabled: false
hosts:
- name: "hostname"
readinessProbe:
# If an ingress *path* other than the root (/) is defined, it should be reflected here
# A trailing "/" must be included
sonarWebContext: /sonar/
livenessProbe:
sonarWebContext: /sonar/
postgresql:
# Using external postgres db
enabled: false
postgresqlServer: "postgres-server-name"
# Usinig external secret
# line below:
existingSecret: "sonar-postgres-password"
postgresqlUsername: "sonar"
postgresqlDatabase: "sonar"
I don’t know what’s the origin of that error. Is there a config property that I need to set in order to not require sonar-sonarqube secret? I used to use Oteemo’s sonarqube helm chart, and never faced this issue. Does anyone know how to resolve this?
The pod logs showed that the container failed to start up with CreateContainerConfigError, which means the container is waiting for a missing ConfigMap or Secret. So I created a dummy Secret called secret.yaml -
and applied it, and restarted the pods. This time the error was -
Warning Failed 4s (x5 over 35s) kubelet Error: couldn't find key jdbc-password in Secret sonarqube/sonarqube-sonarqube
I updated my values.yaml and added jdbcOverwrite section
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: sonarqube
namespace: sonarqube
spec:
chart:
spec:
version: "4.0.2"
sourceRef:
kind: HelmRepository
name: sonarsource
namespace: sonarqube
values:
edition: enterprise
image:
repository: sonarqube
tag: 9.0.1-enterprise
ingress:
enabled: false
hosts:
- name: "hostname"
readinessProbe:
# If an ingress *path* other than the root (/) is defined, it should be reflected here
# A trailing "/" must be included
sonarWebContext: /sonar/
livenessProbe:
sonarWebContext: /sonar/
jdbcOverwrite:
enabled: true
jdbcUrl: jdbc:postgresql://rdsEndpoint:portNumber/dbNameIsSonar?socketTimeout=150
jdbcUsername: sonar
jdbcSecretName: sonar-postgres-password #Using k8s secret instead of password in plaintext
postgresql:
# Using external postgres db
enabled: false
postgresqlServer: "postgres-server-name"
# Usinig external secret
# line below:
existingSecret: "sonar-postgres-password"
postgresqlUsername: "sonar"
postgresqlDatabase: "sonar"
This did not resolve the issue. I don’t understand why is Sonarqube looking for a k8s secret with jdbc username and password during container start up?
the error you are facing originates from the secret you created. it is expected that it holds information about the JDBC password from a specific key. Per default that key would be jdbc-password but it can be configured to be something different with jdbcOverwrite.jdbcSecretPasswordKey as stated in the README.
assuming your secret looks like the one you posted, a valid configuration would look like this:
