SonarQube Community Edition on k8s Role "sonarUser" does not exist

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  • what are you trying to achieve
  • what have you tried so far to achieve this

Hello folks - I am trying to install SonarQube Community Edition in a kubenetes v1.24 cluster using Deploy a SonarQube Cluster on Kubernetes | SonarQube Docs The only update i made to the default values.yaml was setting volumePermissions.enabled = true to allow the sonarqube-postgresql-0 pod access to the PVC mount. When this pod initially starts, it outputs up to the lines below, then the pod terminates and restarts.
INFO ==> Initializing PostgreSQL database…
INFO ==> pg_hba.conf file not detected. Generating it…
INFO ==> Generating local authentication configuration
On restart the pod seems to complete Postgresql startup but does not create the sonarUser, thus nothing can log into the DB. I’m looking for any hints on how to get the initialization to create the user so that the DB can be logged into.
I have retried from scratch by deleting the helm chart and PVC but get the same results - any assistance would be appreciated.

Hey @patn,

thanks for your post, very interesting topic. Given that you are trying to deploy a community edition, you are probably following Deploy SonarQube on Kubernetes | SonarQube Docs (if not, please follow these steps, as the other page you mentioned relates to the data-center edition).

To help us replicate the issue, currently how do you mount the volume to sonarqube-postgresql-0? Can you share the k8s manifest files?

Best,
Carmine

Hi Carmine - thanks for the response and you are correct, i posted the wrong link and i have been following the steps in the link you provided.
Any suggestions for figuring this out would be greatly appreciated.
The PVC is handled by IBM K8s (IKS) service using an NFS mount.

kubectl get pvc -A
NAMESPACE   NAME                          STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS     AGE
sonarqube   data-sonarqube-postgresql-0   Bound    pvc-4d364f93-fa5c-4096-a0e0-8d3e050be5a8   20Gi       RWO            ibmc-file-gold   21h
kubectl get pv -A
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                                   STORAGECLASS     REASON   AGE
pvc-4d364f93-fa5c-4096-a0e0-8d3e050be5a8   20Gi       RWO            Delete           Bound    sonarqube/data-sonarqube-postgresql-0   ibmc-file-gold            21h

I think the mount is working ok, once I set “volumePermissions.enabled = true” in the helm values overrides (prior to this postgresql pod failed with permissions error getting to the mount).
Here is the statefulset.apps/sonarqube-postgresql:

statefulset.apps/sonarqube-postgresql ``` kubectl describe statefulset.apps/sonarqube-postgresql -n sonarqube Name: sonarqube-postgresql Namespace: sonarqube CreationTimestamp: Thu, 29 Sep 2022 14:47:59 -0500 Selector: app.kubernetes.io/instance=sonarqube,app.kubernetes.io/name=postgresql,role=primary Labels: app.kubernetes.io/component=primary app.kubernetes.io/instance=sonarqube app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=postgresql helm.sh/chart=postgresql-10.15.0 Annotations: meta.helm.sh/release-name: sonarqube meta.helm.sh/release-namespace: sonarqube Replicas: 1 desired | 1 total Update Strategy: RollingUpdate Pods Status: 1 Running / 0 Waiting / 0 Succeeded / 0 Failed Pod Template: Labels: app.kubernetes.io/component=primary app.kubernetes.io/instance=sonarqube app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=postgresql helm.sh/chart=postgresql-10.15.0 role=primary Init Containers: init-chmod-data: Image: docker.io/bitnami/bitnami-shell:10-debian-10-r299 Port: Host Port: Command: /bin/sh -cx chown 1001:1001 /bitnami/postgresql mkdir -p /bitnami/postgresql/data chmod 700 /bitnami/postgresql/data find /bitnami/postgresql -mindepth 1 -maxdepth 1 -not -name "conf" -not -name ".snapshot" -not -name "lost+found" | \ xargs chown -R 1001:1001
Limits:
  cpu:     2
  memory:  2Gi
Requests:
  cpu:        100m
  memory:     200Mi
Environment:  <none>
Mounts:
  /bitnami/postgresql from data (rw)
  /dev/shm from dshm (rw)

Containers:
sonarqube-postgresql:
Image: docker.io/bitnami/postgresql:11.14.0-debian-10-r22
Port: 5432/TCP
Host Port: 0/TCP
Limits:
cpu: 2
memory: 2Gi
Requests:
cpu: 100m
memory: 200Mi
Liveness: exec [/bin/sh -c exec pg_isready -U “sonarUser” -d “dbname=sonarDB” -h 127.0.0.1 -p 5432] delay=30s timeout=5s period=10s #success=1 #failure=6
Readiness: exec [/bin/sh -c -e exec pg_isready -U “sonarUser” -d “dbname=sonarDB” -h 127.0.0.1 -p 5432
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
] delay=5s timeout=5s period=10s #success=1 #failure=6
Environment:
BITNAMI_DEBUG: false
POSTGRESQL_PORT_NUMBER: 5432
POSTGRESQL_VOLUME_DIR: /bitnami/postgresql
PGDATA: /bitnami/postgresql/data
POSTGRES_POSTGRES_PASSWORD: <set to the key ‘postgresql-postgres-password’ in secret ‘sonarqube-postgresql’> Optional: false
POSTGRES_USER: sonarUser
POSTGRES_PASSWORD: <set to the key ‘postgresql-password’ in secret ‘sonarqube-postgresql’> Optional: false
POSTGRES_DB: sonarDB
POSTGRESQL_ENABLE_LDAP: no
POSTGRESQL_ENABLE_TLS: no
POSTGRESQL_LOG_HOSTNAME: false
POSTGRESQL_LOG_CONNECTIONS: false
POSTGRESQL_LOG_DISCONNECTIONS: false
POSTGRESQL_PGAUDIT_LOG_CATALOG: off
POSTGRESQL_CLIENT_MIN_MESSAGES: error
POSTGRESQL_SHARED_PRELOAD_LIBRARIES: pgaudit
Mounts:
/bitnami/postgresql from data (rw)
/dev/shm from dshm (rw)
Volumes:
dshm:
Type: EmptyDir (a temporary directory that shares a pod’s lifetime)
Medium: Memory
SizeLimit:
Volume Claims:
Name: data
StorageClass:
Labels:
Annotations:
Capacity: 20Gi
Access Modes: [ReadWriteOnce]
Events:

</details>
The postgresql pod is running (after the 1 restart i mentioned above) but the Liveness probe fails with:

2022-09-29 20:18:53.883 GMT [2379] FATAL: password authentication failed for user “sonarUser”
2022-09-29 20:18:53.883 GMT [2379] DETAIL: Role “sonarUser” does not exist.
Connection matched pg_hba.conf line 1: “host all all 0.0.0.0/0 md5”

kubectl get pod -n sonarqube
NAME READY STATUS RESTARTS AGE
sonarqube-postgresql-0 1/1 Running 1 (22h ago) 22h
sonarqube-sonarqube-0 0/1 Running 247 (5m4s ago) 22h