Helm Chart Probes Issue with Hardened Container Images (no wget)

Hi, we are deploying SonarQube using the helm chart, but we are using hardened/minimal container images for security. This causes an issue with the liveness and readiness probes because they use wget to hit the endpoints: helm-chart-sonarqube/charts/sonarqube/templates/deployment.yaml at b47225c7bbb399cad6059458012aae826389bb35 · SonarSource/helm-chart-sonarqube · GitHub

To work around this we are using a fork of the helm chart that simplifies the probes to just this:

          livenessProbe:
            httpGet:
              path: /
              scheme: HTTP
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
            failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
          readinessProbe:
            httpGet:
              path: /api/system/status
              scheme: HTTP
              port: {{ .Values.service.internalPort }}
            initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
            failureThreshold: {{ .Values.readinessProbe.failureThreshold }}

Questions:
1- Is there another way to make this work without maintaining a fork of the helm chart?
2- Is there a possibility of adding a helm value to enable simplified probes and disable the wget-based ones? I can craft up a PR for that or some other suggestion if it’s something the community is open to.

The Bitnami chart for it has another approach allowing custom probe implementations for each probe, and the default ones are simplified: charts/bitnami/sonarqube/templates/deployment.yaml at 8d10e2d90ddaf91b473456c4c6f5fdcf15731a38 · bitnami/charts · GitHub

I’d be happy to contribute something if there is another option the community/maintainers would be open to. We would prefer to use the SonarSource chart but as far as I know we just can’t use it right now unless wget is in our images which is not an option at this point.

Thanks!

I opened a pull request here if someone could take a look. It’s pretty simple, just moves more of the probe definition out to the values.yaml so it can be overridden.


Dear @Eric_Wyles,

Thanks for opening the PR. Just gave my feedback on it 🙂

I’m sure it will get merged soon!


Hi Carmine! I made some updates and put that back to you for re-review. Please let me know if I need to address anything else. Thank you!
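
An added example, not part of the thread or of either chart: a check over a Deployment exported as JSON (for example with `kubectl get deployment -o json`) that reports which probes use `exec` and which tools they call, since those are the probes that fail on an image without wget, while `httpGet` probes need nothing in the image. The sample manifest, port, tool list and function names are constructed for illustration.

```python
import json

# Binaries a probe may shell out to that minimal images often omit
# (assumed list for this example; extend it for your own base images).
TOOLS = {"wget", "curl", "nc", "sh", "bash"}
PROBES = ("livenessProbe", "readinessProbe", "startupProbe")

# Constructed sample, shaped like `kubectl get deployment -o json` output.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {"containers": [{
  "name": "sonarqube",
  "livenessProbe": {"exec": {"command":
    ["sh", "-c", "wget -q -O- http://localhost:9000/api/system/status"]}},
  "readinessProbe": {"httpGet": {"path": "/api/system/status", "port": 9000}}
}]}}}}
""")


def audit_probes(deployment):
    """Return (container, probe, kind, detail) for each probe that is set."""
    findings = []
    pod = deployment["spec"]["template"]["spec"]
    for c in pod.get("containers", []):
        for name in PROBES:
            probe = c.get(name) or {}
            if "exec" in probe:
                # exec runs inside the container: every binary must be in the image.
                words = " ".join(probe["exec"].get("command", [])).split()
                used = sorted({w.rsplit("/", 1)[-1] for w in words} & TOOLS)
                findings.append((c["name"], name, "exec", used))
            elif "httpGet" in probe:
                # httpGet is sent by the kubelet: nothing is needed in the image.
                path = probe["httpGet"].get("path", "/")
                findings.append((c["name"], name, "httpGet", path))
    return findings


def image_dependent(findings):
    """Probes that will fail if the listed tools are missing from the image."""
    return [f for f in findings if f[2] == "exec" and f[3]]


if __name__ == "__main__":
    for container, probe, kind, detail in audit_probes(SAMPLE):
        print(f"{container}/{probe}: {kind} {detail}")
```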