Hi, we are deploying sonarqube using the helm chart, but we are using hardened/minimal container images for security. This causes an issue with the liveness and readiness probes because they use wget to hit the endpoints helm-chart-sonarqube/charts/sonarqube/templates/deployment.yaml at b47225c7bbb399cad6059458012aae826389bb35 · SonarSource/helm-chart-sonarqube · GitHub
To work around this we are using a fork of the helm chart that simplifies the probes to just this:
livenessProbe:
httpGet:
path: /
scheme: HTTP
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
readinessProbe:
httpGet:
path: /api/system/status
scheme: HTTP
port: {{ .Values.service.internalPort }}
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
Questions:
1- Is there another way to make this work without maintaining a fork of the helm chart?
2- Is there a possibility of adding a helm value to enable simplified probes and disable the wget based ones? I can craft up a PR for that or some other suggestion if it’s something the community is open to.
The bitnami chart for it has another approach allowing custom probe implementations for each probe, and the default ones are simplified charts/bitnami/sonarqube/templates/deployment.yaml at 8d10e2d90ddaf91b473456c4c6f5fdcf15731a38 · bitnami/charts · GitHub
I’d be happy to contribute something if there is another option the community/maintainers would be open to. We would prefer to use the SonarSource chart but as far as I know we just can’t use it right now unless wget is in our images which is not an option at this point.
Thanks!
