Hi, I’m trying to make my SonarQube use a secret for the PostgreSQL password. The secret is created, and everything works if the parameter jdbcPassword.jdbcPassword is set. But when I comment this out and use jdbcSecretName and jdbcSecretPasswordKey instead, SonarQube starts and stays in maintenance mode.
This is my values.yaml (I created a sonarqube schema on my Grafana AWS RDS to save some costs, hence the URL):
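# SonarQube Helm chart overrides: external PostgreSQL through jdbcOverwrite,
# bundled database switched off, UI published through an nginx Ingress.
# Nesting restored; the pasted listing had lost its indentation.
jdbcOverwrite:
  enable: true
  # NOTE(review): the URL carries no TLS parameter (for example the PostgreSQL
  # JDBC driver's `sslmode`), so transport encryption depends on driver and
  # server defaults. Confirm TLS is enforced for this connection.
  # NOTE(review): per the post this RDS instance is shared with Grafana;
  # sonarqube_user should hold rights on the sonarqube database only.
  jdbcUrl: "jdbc:postgresql://grafana-management.clrgrotkfs5m.eu-west-1.rds.amazonaws.com:5432/sonarqube"
  jdbcUsername: sonarqube_user
  # The password is referenced from a Kubernetes Secret instead of being
  # written into this file. The Secret has to exist in the release namespace.
  jdbcSecretName: sonarqube-jdbc-password
  # NOTE(review): the key name is commented out, so the chart has to fall back
  # to its built-in default key. If the Secret stores the password under
  # SONARQUBE_JDBC_PASSWORD, that default lookup presumably finds nothing.
  # Confirm against the chart's helper template and the Secret's actual keys.
  #jdbcSecretPasswordKey: SONARQUBE_JDBC_PASSWORD
# Bundled PostgreSQL subchart is off; the external database above is used.
postgresql:
  enabled: false
ingress:
  enabled: true
  ingressClassName: nginx
  hosts:
    - name: sonarqube.mgt.forwardkeys.com
      path: /
  annotations:
    nginx.ingress.kubernetes.io/client-body-buffer-size: "75m"
    nginx.ingress.kubernetes.io/proxy-body-size: "50m"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "30"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "30"
    # NOTE(review): ACME issuance and the HTTPS redirect are requested, but no
    # `tls` section is visible in this listing. Confirm the Ingress really
    # ends up with a certificate and TLS host entry.
    kubernetes.io/tls-acme: "true"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"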
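# Values for the bundled ingress-nginx subchart. Keys are in alphabetical
# order, which suggests a rendered dump of chart defaults rather than
# hand-written overrides (TODO confirm). Nesting restored from that order;
# the pasted listing had lost its indentation.
# The subchart itself is switched off by the `enabled: false` entry directly
# under this key, so the settings below presumably do not affect the release.
ingress-nginx:
  commonLabels: {}
  controller:
    addHeaders: {}
    admissionWebhooks:
      annotations: {}
      certManager:
        admissionCert:
          duration: ""
        enabled: false
        rootCert:
          duration: ""
      certificate: /usr/local/certificates/cert
      createSecretJob:
        name: create
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 65532
          seccompProfile:
            type: RuntimeDefault
      enabled: true
      existingPsp: ""
      extraEnvs: []
      failurePolicy: Fail
      key: /usr/local/certificates/key
      labels: {}
      name: admission
      namespaceSelector: {}
      objectSelector: {}
      patch:
        enabled: true
        # Image is pinned by digest in addition to the tag.
        image:
          digest: sha256:25d6a5f11211cc5c3f9f2bf552b585374af287b4debf693cacbe2da47daa5084
          image: ingress-nginx/kube-webhook-certgen
          pullPolicy: IfNotPresent
          registry: registry.k8s.io
          tag: v20231226-1a7112e06
        labels: {}
        networkPolicy:
          enabled: false
        nodeSelector:
          kubernetes.io/os: linux
        podAnnotations: {}
        priorityClassName: ""
        securityContext: {}
        tolerations: []
      patchWebhookJob:
        name: patch
        resources: {}
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
              - ALL
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          runAsUser: 65532
          seccompProfile:
            type: RuntimeDefault
      port: 8443
      service:
        annotations: {}
        externalIPs: []
        loadBalancerSourceRanges: []
        servicePort: 443
        type: ClusterIP
    affinity: {}
    # Snippet annotations stay disabled, so Ingress objects cannot supply raw
    # nginx configuration fragments.
    allowSnippetAnnotations: false
    annotations: {}
    autoscaling:
      annotations: {}
      behavior: {}
      enabled: false
      maxReplicas: 11
      minReplicas: 1
      targetCPUUtilizationPercentage: 50
      targetMemoryUtilizationPercentage: 50
    autoscalingTemplate: []
    config: {}
    configAnnotations: {}
    configMapNamespace: ""
    containerName: controller
    containerPort:
      http: 80
      https: 443
    containerSecurityContext: {}
    customTemplate:
      configMapKey: ""
      configMapName: ""
    dnsConfig: {}
    dnsPolicy: ClusterFirst
    electionID: ""
    # NOTE(review): annotation validation is off in this dump; worth enabling
    # if the controller is ever switched on for a shared cluster.
    enableAnnotationValidations: false
    enableMimalloc: true
    enableTopologyAwareRouting: false
    existingPsp: ""
    extraArgs: {}
    extraContainers: []
    extraEnvs: []
    extraInitContainers: []
    extraModules: []
    extraVolumeMounts: []
    extraVolumes: []
    healthCheckHost: ""
    healthCheckPath: /healthz
    hostAliases: []
    hostNetwork: false
    hostPort:
      enabled: false
      ports:
        http: 80
        https: 443
    hostname: {}
    # Controller image is pinned by digest. Its root filesystem is writable
    # here (readOnlyRootFilesystem: false), unlike the webhook jobs above.
    image:
      allowPrivilegeEscalation: false
      chroot: false
      digest: sha256:1405cc613bd95b2c6edd8b2a152510ae91c7e62aea4698500d23b2145960ab9c
      digestChroot: sha256:7eb46ff733429e0e46892903c7394aff149ac6d284d92b3946f3baf7ff26a096
      image: ingress-nginx/controller
      pullPolicy: IfNotPresent
      readOnlyRootFilesystem: false
      registry: registry.k8s.io
      runAsNonRoot: true
      runAsUser: 101
      seccompProfile:
        type: RuntimeDefault
      tag: v1.9.6
    ingressClass: nginx
    ingressClassByName: false
    ingressClassResource:
      controllerValue: k8s.io/ingress-nginx
      default: false
      enabled: true
      name: nginx
      parameters: {}
    keda:
      apiVersion: keda.sh/v1alpha1
      behavior: {}
      cooldownPeriod: 300
      enabled: false
      maxReplicas: 11
      minReplicas: 1
      pollingInterval: 30
      restoreToOriginalReplicaCount: false
      scaledObject:
        annotations: {}
      triggers: []
    kind: Deployment
    labels: {}
    lifecycle:
      preStop:
        exec:
          command:
            - /wait-shutdown
    livenessProbe:
      failureThreshold: 1
      httpGet:
        path: /healthz
        port: 10254
        scheme: HTTP
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    maxmindLicenseKey: ""
    # Metrics endpoint is enabled on port 10254 and exposed through a
    # ClusterIP service, i.e. inside the cluster only.
    metrics:
      enabled: true
      port: 10254
      portName: metrics
      prometheusRule:
        additionalLabels: {}
        enabled: false
        rules: []
      service:
        annotations: {}
        externalIPs: []
        labels: {}
        loadBalancerSourceRanges: []
        servicePort: 10254
        type: ClusterIP
      serviceMonitor:
        additionalLabels: {}
        annotations: {}
        enabled: false
        metricRelabelings: []
        namespace: ""
        namespaceSelector: {}
        relabelings: []
        scrapeInterval: 30s
        targetLabels: []
    minAvailable: 1
    minReadySeconds: 0
    name: controller
    networkPolicy:
      enabled: false
    nodeSelector:
      kubernetes.io/os: linux
    opentelemetry:
      containerSecurityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
        readOnlyRootFilesystem: true
        runAsNonRoot: true
        runAsUser: 65532
        seccompProfile:
          type: RuntimeDefault
      enabled: false
      image:
        digest: sha256:13bee3f5223883d3ca62fee7309ad02d22ec00ff0d7033e3e9aca7a9f60fd472
        distroless: true
        image: ingress-nginx/opentelemetry
        registry: registry.k8s.io
        tag: v20230721-3e2062ee5
      name: opentelemetry
      resources: {}
    podAnnotations: {}
    podLabels: {}
    podSecurityContext: {}
    priorityClassName: ""
    proxySetHeaders: {}
    publishService:
      enabled: true
      pathOverride: ""
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /healthz
        port: 10254
        scheme: HTTP
      initialDelaySeconds: 10
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    replicaCount: 1
    reportNodeInternalIp: false
    resources:
      requests:
        cpu: 100m
        memory: 90Mi
    scope:
      enabled: false
      namespace: ""
      namespaceSelector: ""
    # External service is of type LoadBalancer with an empty
    # loadBalancerSourceRanges list, so no source-range restriction is set
    # at this level.
    service:
      annotations: {}
      appProtocol: true
      clusterIP: ""
      enableHttp: true
      enableHttps: true
      enabled: true
      external:
        enabled: true
      externalIPs: []
      externalTrafficPolicy: ""
      internal:
        annotations: {}
        appProtocol: true
        clusterIP: ""
        enabled: false
        externalIPs: []
        externalTrafficPolicy: ""
        ipFamilies:
          - IPv4
        ipFamilyPolicy: SingleStack
        loadBalancerClass: ""
        loadBalancerIP: ""
        loadBalancerSourceRanges: []
        nodePorts:
          http: ""
          https: ""
          tcp: {}
          udp: {}
        ports: {}
        sessionAffinity: ""
        targetPorts: {}
        type: ""
      ipFamilies:
        - IPv4
      ipFamilyPolicy: SingleStack
      labels: {}
      loadBalancerClass: ""
      loadBalancerIP: ""
      loadBalancerSourceRanges: []
      nodePorts:
        http: ""
        https: ""
        tcp: {}
        udp: {}
      ports:
        http: 80
        https: 443
      sessionAffinity: ""
      targetPorts:
        http: http
        https: https
      type: LoadBalancer
    shareProcessNamespace: false
    sysctls: {}
    tcp:
      annotations: {}
      configMapNamespace: ""
    terminationGracePeriodSeconds: 300
    tolerations: []
    topologySpreadConstraints: []
    udp:
      annotations: {}
      configMapNamespace: ""
    updateStrategy: {}
    watchIngressWithoutClass: false
  defaultBackend:
    affinity: {}
    autoscaling:
      annotations: {}
      enabled: false
      maxReplicas: 2
      minReplicas: 1
      targetCPUUtilizationPercentage: 50
      targetMemoryUtilizationPercentage: 50
    containerSecurityContext: {}
    enabled: false
    existingPsp: ""
    extraArgs: {}
    extraConfigMaps: []
    extraEnvs: []
    extraVolumeMounts: []
    extraVolumes: []
    # Unlike the other images in this dump, no digest is listed here; the
    # image is referenced by tag only.
    image:
      allowPrivilegeEscalation: false
      image: defaultbackend-amd64
      pullPolicy: IfNotPresent
      readOnlyRootFilesystem: true
      registry: registry.k8s.io
      runAsNonRoot: true
      runAsUser: 65534
      seccompProfile:
        type: RuntimeDefault
      tag: "1.5"
    labels: {}
    livenessProbe:
      failureThreshold: 3
      initialDelaySeconds: 30
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 5
    minAvailable: 1
    minReadySeconds: 0
    name: defaultbackend
    networkPolicy:
      enabled: false
    nodeSelector:
      kubernetes.io/os: linux
    podAnnotations: {}
    podLabels: {}
    podSecurityContext: {}
    port: 8080
    priorityClassName: ""
    readinessProbe:
      failureThreshold: 6
      initialDelaySeconds: 0
      periodSeconds: 5
      successThreshold: 1
      timeoutSeconds: 5
    replicaCount: 1
    resources: {}
    service:
      annotations: {}
      externalIPs: []
      loadBalancerSourceRanges: []
      servicePort: 80
      type: ClusterIP
    serviceAccount:
      automountServiceAccountToken: true
      create: true
      name: ""
    tolerations: []
    updateStrategy: {}
  dhParam: ""
  # Subchart switch: false means the bundled ingress-nginx is not deployed.
  enabled: false
  global: {}
  imagePullSecrets: []
  namespaceOverride: ""
  podSecurityPolicy:
    enabled: false
  portNamePrefix: ""
  rbac:
    create: true
    scope: false
  revisionHistoryLimit: 10
  serviceAccount:
    annotations: {}
    automountServiceAccountToken: true
    create: true
    name: ""
  tcp: {}
  udp: {}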
What am I missing or doing wrong?
Thank you!