I am trying to make a better automatically ci with jenkins containing a stage for code scanning with sonarqube.
i am using for the installation and deployment flowing environment:
sonarqube v 7.9.x (Docker Image from the officially SQ docker hub )
crowd plugin 2.1.3
jenkins 2.249.3
kubernetes 1.17
everything is fine and works good, but one of annoying things , that maybe happen, when deleting/new creating PVC and lost actual configuration, that i have configured in sonarqube UI , specifically the groups/users permissions matrix for example : users permissions for Quality Profiles/Gates administration and Execute Analysis , as in the image
to avoid this, the best and safe solution is to load such configuration from a git repo as code (which is in k8s with flux synchronised ), i am wondering if there is a way to define such configurations as code and not only from UI (i have searched in main sonar.properties and in crowd plugin properties but nothing helped).
I don’t entirely follow what you’re trying to accomplish. But you’ll find a link to the on-board documentation of the web services that feed the UI in the page footer. Using the right combination of services you should be able to get and set what you want.
simply, is there any way to create group/permission template while deploying sonarqube? so i can add this to my deployment template to make sure that will be creating automatically when deleting the deployment and creating it once again.
in LDAP plugin maybe i can define a group and bind the permission to it, but i am using crowd, so i did not find a useful way to do the same.
yes but the problem , we use the DB as a pod in k8s cluster.
that means , when deleting the helmRelease for the whole deployment (with PVC) ,then everything return to the default configuration, und we must configure those again .
anyway, thanks for your help.
Hello @deaamoflih Were you ever able to figure out the answer to your problem? I have the same need, I want to externalize all of the ‘project settings’ that I have configured in the UI and then load those settings up automatically when I bring up a new instance of sonarqube like say in a kubernetes cluster.
@gamerson
Hi,
actually i couldn’t get all ui settings and configurations as code in my repo. i did not find a way to get this to work as expected… alternatively i keep all settings and configurations i need in a “PVC” , which “solve” this issue somehow. so every time the pod restart (SQ or dependencies) or even new deployment needed, it loads the saved infos from this persistent volume …
the only way which can ruin this is to delete the PV , that what you absolutely do not want to do, before having a backup and setting the reclaim policy of this PersistentVolume matching your needs.
We addressed this specific issue with one of our platform’s component - sonar-operator [1]:
It has specific CustomResourceDefinition SonarPermissionTemplate, see CR definition below:
Currently this operator expects that you are using it within our platform, but the idea is to make it completely autonomous and re-usable with baseline SonarQube deployment
For example, another CR we’ve implemented is SonarGroup, so you can create groups like so: