How to deploy SonarQube from helm in Openshift 4.13

Must-share information (formatted with Markdown):

  • SonarQube LTS 9.9.2
  • how is SonarQube deployed: Helm
  • what are you trying to achieve:

I’m trying to deploy SonarQube LTS 9.9.2 following instructions here

  • what have you tried so far to achieve this
helm upgrade
  --install \
  -n sonarqube \
  --version ~8 \
  sonarqube sonarqube/sonarqube \
  --set OpenShift.enabled=true

And I’m getting this error:

0s          Warning   FailedCreate       statefulset/sonarqube-postgresql   create Pod sonarqube-postgresql-0 in StatefulSet sonarqube-postgresql failed error: pods "sonarqube-postgresql-0" is forbidden: unable to validate against any security context constraint: [provider "sonarqube-privileged-scc": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, provider restricted-v2: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1000680000, 1000689999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "hostpath-provisioner": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]
0s          Warning   FailedCreate       statefulset/sonarqube-sonarqube    create Pod sonarqube-sonarqube-0 in StatefulSet sonarqube-sonarqube failed error: pods "sonarqube-sonarqube-0" is forbidden: unable to validate against any security context constraint: [provider "sonarqube-privileged-scc": Forbidden: not usable by user or serviceaccount, provider "anyuid": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1000}: 1000 is not an allowed group, provider restricted-v2: .initContainers[1].privileged: Invalid value: true: Privileged containers are not allowed, provider restricted-v2: .initContainers[2].runAsUser: Invalid value: 1000: must be in the ranges: [1000680000, 1000689999], provider restricted-v2: .containers[0].runAsUser: Invalid value: 1000: must be in the ranges: [1000680000, 1000689999], provider "restricted": Forbidden: not usable by user or serviceaccount, provider "nonroot-v2": Forbidden: not usable by user or serviceaccount, provider "nonroot": Forbidden: not usable by user or serviceaccount, provider "hostmount-anyuid": Forbidden: not usable by user or serviceaccount, provider "machine-api-termination-handler": Forbidden: not usable by user or serviceaccount, provider "hostnetwork-v2": Forbidden: not usable by user or serviceaccount, provider "hostnetwork": Forbidden: not usable by user or serviceaccount, provider "hostaccess": Forbidden: not usable by user or serviceaccount, provider "hostpath-provisioner": Forbidden: not usable by user or serviceaccount, provider "privileged": Forbidden: not usable by user or serviceaccount]

Which more settings/parameters are necessary to deploy SonarQube using Helm on Openshift successfully?

It was necessary to enable ServiceAccount confs to be possible to deploy helm in Openshift.

helm upgrade \
  --install \
  -n sonarqube \
  --version ~8 \
  sonarqube sonarqube/sonarqube \
  --set OpenShift.enabled=true \
  --set postgresql.serviceAccount.enabled=true \
  --set serviceAccount.create=true
2 Likes

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.