The Helm chart supports podLabels for pod template labels, but there’s no way to add custom labels to the Deployment/StatefulSet metadata.labels itself.
This breaks in clusters using Kubernetes ValidatingAdmissionPolicy to enforce required labels on workload resources — the policy checks metadata.labels on the Deployment, not the pod template.
Suggested fix: Add a labels (or commonLabels) value that gets merged into sonarqube.workloadLabels in _helpers.tpl:
{{- with .Values.labels }}
{{ toYaml . }}
{{- end }}
This is a common pattern in other Helm charts (e.g. Bitnami’s commonLabels).
Chart version: 2025.1.5