SonarQube in AKS not connecting to external Azure SQL Database

Hi. When I use docker run and config sonar environment variables (SONAR_JDBC_USERNAME, etc) I can connect to this external Azure SQL database. For example:

docker run -d --name sonarqube \
    -p 9000:9000 \
    -e SONAR_JDBC_URL='jdbc:sqlserver://sql-server.database.windows.net:1433;database=SonarQube-DB;user=user2021@sql-server;password=user2021;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;' \
    -e SONAR_JDBC_USERNAME=user2021 \
    -e SONAR_JDBC_PASSWORD='user2021' \
    -v sonarqube_data:/opt/sonarqube/data \
    -v sonarqube_extensions:/opt/sonarqube/extensions \
    -v sonarqube_logs:/opt/sonarqube/logs \
    sonarqube:8.7-community

But when I run it in a pod in AKS, it crashes with the following message:

2021.05.14 20:18:23 INFO  app[][o.s.a.AppFileSystem] Cleaning or creating temp directory /opt/sonarqube/temp
 
2021.05.14 20:18:24 INFO  app[][o.s.a.es.EsSettings] Elasticsearch listening on [HTTP: 127.0.0.1:9001, TCP: 127.0.0.1:32785]
2021.05.14 20:18:27 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='es', ipcIndex=1, logFilenamePrefix=es]] from [/opt/sonarqube/elasticsearch]: /opt/sonarqube/elasticsearch/bin/elasticsearch
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
2021.05.14 20:18:28 INFO  app[][o.s.a.SchedulerImpl] Waiting for Elasticsearch to be up and running
warning: no-jdk distributions that do not bundle a JDK are deprecated and will be removed in a future release
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
2021.05.14 20:20:22 INFO  es[][o.e.n.Node] version[7.12.1], pid[30], build[default/tar/3186837139b9c6b6d23c3200870651f10d3343b7/2021-04-20T20:56:39.040728659Z], OS[Linux/5.4.0-1043-azure/amd64], JVM[AdoptOpenJDK/OpenJDK 64-Bit Server VM/11.0.11/11.0.11+9]
2021.05.14 20:20:22 INFO  es[][o.e.n.Node] JVM home [/opt/java/openjdk]
2021.05.14 20:20:22 INFO  es[][o.e.n.Node] JVM arguments [-XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -Djava.io.tmpdir=/opt/sonarqube/temp, -XX:ErrorFile=../logs/es_hs_err_pid%p.log, -Des.networkaddress.cache.ttl=60, -Des.networkaddress.cache.negative.ttl=10, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dio.netty.allocator.numDirectArenas=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.locale.providers=COMPAT, -Des.enforce.bootstrap.checks=true, -Xmx512m, -Xms512m, -XX:MaxDirectMemorySize=256m, -XX:+HeapDumpOnOutOfMemoryError, -Des.path.home=/opt/sonarqube/elasticsearch, -Des.path.conf=/opt/sonarqube/temp/conf/es, -Des.distribution.flavor=default, -Des.distribution.type=tar, -Des.bundled_jdk=false]
2021.05.14 20:20:50 INFO  es[][o.e.p.PluginsService] loaded module [analysis-common]
2021.05.14 20:20:51 INFO  es[][o.e.p.PluginsService] loaded module [lang-painless]
2021.05.14 20:20:51 INFO  es[][o.e.p.PluginsService] loaded module [parent-join]
2021.05.14 20:20:51 INFO  es[][o.e.p.PluginsService] loaded module [percolator]
2021.05.14 20:20:51 INFO  es[][o.e.p.PluginsService] loaded module [transport-netty4]
2021.05.14 20:20:51 INFO  es[][o.e.p.PluginsService] no plugins loaded
2021.05.14 20:20:53 INFO  es[][o.e.e.NodeEnvironment] using [1] data paths, mounts [[/opt/sonarqube/data (/dev/sdc)]], net usable_space [4.8gb], net total_space [4.8gb], types [ext4]
2021.05.14 20:20:53 INFO  es[][o.e.e.NodeEnvironment] heap size [503.6mb], compressed ordinary object pointers [true]
2021.05.14 20:20:59 INFO  es[][o.e.n.Node] node name [sonarqube], node ID [Go4K7aUJSXC6EK1uUkc7hg], cluster name [sonarqube], roles [master, remote_cluster_client, data, ingest]
2021.05.14 20:23:25 INFO  es[][o.e.t.NettyAllocator] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=false, g1gc_region_size=0b, heap_size=503.6mb}]
2021.05.14 20:23:29 INFO  es[][o.e.d.DiscoveryModule] using discovery type [zen] and seed hosts providers [settings]
2021.05.14 20:23:47 INFO  es[][o.e.g.DanglingIndicesState] gateway.auto_import_dangling_indices is disabled, dangling indices will not be automatically detected or imported and must be managed manually
2021.05.14 20:23:57 INFO  es[][o.e.n.Node] initialized
2021.05.14 20:23:57 INFO  es[][o.e.n.Node] starting ...
2021.05.14 20:24:04 INFO  es[][o.e.t.TransportService] publish_address {127.0.0.1:32785}, bound_addresses {127.0.0.1:32785}
2021.05.14 20:24:14 INFO  es[][o.e.b.BootstrapChecks] explicitly enforcing bootstrap checks
2021.05.14 20:24:14 INFO  es[][o.e.c.c.Coordinator] cluster UUID [hN-4luc0RUyFSOuFAfuLBg]
2021.05.14 20:24:18 INFO  es[][o.e.c.c.JoinHelper] failed to join {sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube} with JoinRequest{sourceNode={sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube}, minimumTerm=34, optionalJoin=Optional[Join{term=35, lastAcceptedTerm=34, lastAcceptedVersion=73, sourceNode={sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube}, targetNode={sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube}}]}
org.elasticsearch.transport.RemoteTransportException: [sonarqube][127.0.0.1:32785][internal:cluster/coordination/join]
Caused by: org.elasticsearch.cluster.coordination.CoordinationStateRejectedException: incoming term 35 does not match current term 36
	at org.elasticsearch.cluster.coordination.CoordinationState.handleJoin(CoordinationState.java:214) ~[elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.cluster.coordination.Coordinator.handleJoin(Coordinator.java:1002) ~[elasticsearch-7.12.1.jar:7.12.1]
	at java.util.Optional.ifPresent(Unknown Source) ~[?:?]
	at org.elasticsearch.cluster.coordination.Coordinator.processJoinRequest(Coordinator.java:521) ~[elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.cluster.coordination.Coordinator.lambda$handleJoinRequest$7(Coordinator.java:485) ~[elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:117) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:405) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.transport.TransportService.connectToNode(TransportService.java:392) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.cluster.coordination.Coordinator.handleJoinRequest(Coordinator.java:472) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.cluster.coordination.JoinHelper.lambda$new$1(JoinHelper.java:130) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:61) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.transport.TransportService$8.doRun(TransportService.java:914) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:732) [elasticsearch-7.12.1.jar:7.12.1]
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) [elasticsearch-7.12.1.jar:7.12.1]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.lang.Thread.run(Unknown Source) [?:?]
2021.05.14 20:24:21 INFO  es[][o.e.c.s.MasterService] elected-as-master ([1] nodes joined)[{sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 36, version: 74, delta: master node changed {previous [], current [{sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube}]}
2021.05.14 20:24:24 INFO  es[][o.e.c.s.ClusterApplierService] master node changed {previous [], current [{sonarqube}{Go4K7aUJSXC6EK1uUkc7hg}{K1iKevnbTh-MOA64aC4Ffg}{127.0.0.1}{127.0.0.1:32785}{dimr}{rack_id=sonarqube}]}, term: 36, version: 74, reason: Publication{term=36, version=74}
2021.05.14 20:24:27 INFO  es[][o.e.h.AbstractHttpServerTransport] publish_address {127.0.0.1:9001}, bound_addresses {127.0.0.1:9001}
2021.05.14 20:24:27 INFO  es[][o.e.n.Node] started
2021.05.14 20:24:29 INFO  es[][o.e.g.GatewayService] recovered [1] indices into cluster_state
2021.05.14 20:24:32 INFO  es[][o.e.m.j.JvmGcMonitorService] [gc][30] overhead, spent [501ms] collecting in the last [1.3s]
2021.05.14 20:24:42 WARN  es[][o.e.m.j.JvmGcMonitorService] [gc][38] overhead, spent [705ms] collecting in the last [1s]
2021.05.14 20:24:44 INFO  es[][o.e.m.j.JvmGcMonitorService] [gc][young][40][9] duration [701ms], collections [1]/[1.6s], total [701ms]/[8.7s], memory [105.7mb]->[48.8mb]/[503.6mb], all_pools {[young] [61.7mb]->[2.1mb]/[66.5mb]}{[survivor] [8mb]->[8.3mb]/[8.3mb]}{[old] [35.8mb]->[38.3mb]/[428.8mb]}
2021.05.14 20:24:44 INFO  es[][o.e.m.j.JvmGcMonitorService] [gc][40] overhead, spent [701ms] collecting in the last [1.6s]
2021.05.14 20:24:57 INFO  es[][o.e.c.r.a.AllocationService] Cluster health status changed from [RED] to [GREEN] (reason: [shards started [[metadatas][0]]]).
2021.05.14 20:25:07 INFO  app[][o.s.a.SchedulerImpl] Process[es] is up
2021.05.14 20:25:08 INFO  app[][o.s.a.ProcessLauncherImpl] Launch process[[key='web', ipcIndex=2, logFilenamePrefix=web]] from [/opt/sonarqube]: /opt/java/openjdk/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-8.9.0.43852.jar:/opt/sonarqube/lib/jdbc/mssql/mssql-jdbc-9.2.0.jre11.jar org.sonar.server.app.WebServer /opt/sonarqube/temp/sq-process5093117076667845023properties
2021.05.14 20:25:25 INFO  web[][o.s.p.ProcessEntryPoint] Starting web
2021.05.14 20:25:48 INFO  web[][o.a.t.u.n.NioSelectorPool] Using a shared selector for servlet write/read
2021.05.14 20:26:16 INFO  web[][o.s.s.e.EsClientProvider] Connected to local Elasticsearch: [http://localhost:9001]
2021.05.14 20:26:38 INFO  web[][o.s.s.p.LogServerVersion] SonarQube Server / 8.9.0.43852 / 681d1975f698b70fc4e981593f7bed298ff2f60d
2021.05.14 20:26:38 INFO  web[][o.sonar.db.Database] Create JDBC data source for jdbc:sqlserver://sql-server.database.windows.net:1433;database=SonarQube-DB;user=user2021@sql-server;password=user2021;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;
2021.05.14 20:26:56 ERROR web[][o.s.s.p.PlatformImpl] Web server startup failed
java.lang.IllegalStateException: Fail to connect to database
	at org.sonar.db.DefaultDatabase.start(DefaultDatabase.java:86)
	at org.sonar.core.platform.StartableCloseableSafeLifecyleStrategy.start(StartableCloseableSafeLifecyleStrategy.java:40)
	at org.picocontainer.injectors.AbstractInjectionFactory$LifecycleAdapter.start(AbstractInjectionFactory.java:84)
	at org.picocontainer.behaviors.AbstractBehavior.start(AbstractBehavior.java:169)
	at org.picocontainer.behaviors.Stored$RealComponentLifecycle.start(Stored.java:132)
	at org.picocontainer.behaviors.Stored.start(Stored.java:110)
	at org.picocontainer.DefaultPicoContainer.potentiallyStartAdapter(DefaultPicoContainer.java:1016)
	at org.picocontainer.DefaultPicoContainer.startAdapters(DefaultPicoContainer.java:1009)
	at org.picocontainer.DefaultPicoContainer.start(DefaultPicoContainer.java:767)
	at org.sonar.core.platform.ComponentContainer.startComponents(ComponentContainer.java:136)
	at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:90)
	at org.sonar.server.platform.platformlevel.PlatformLevel1.start(PlatformLevel1.java:166)
	at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:213)
	at org.sonar.server.platform.PlatformImpl.startLevel1Container(PlatformImpl.java:172)
	at org.sonar.server.platform.PlatformImpl.init(PlatformImpl.java:86)
	at org.sonar.server.platform.web.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:43)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4705)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5171)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1412)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1402)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.lang.IllegalStateException: Can not connect to database. Please check connectivity and settings (see the properties prefixed by 'sonar.jdbc.').
	at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:118)
	at org.sonar.db.DefaultDatabase.start(DefaultDatabase.java:83)
	... 24 common frames omitted
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected rethrowing".)
	at org.apache.commons.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:669)
	at org.apache.commons.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:544)
	at org.apache.commons.dbcp2.BasicDataSource.getConnection(BasicDataSource.java:753)
	at org.sonar.db.profiling.NullConnectionInterceptor.getConnection(NullConnectionInterceptor.java:31)
	at org.sonar.db.profiling.ProfiledDataSource.getConnection(ProfiledDataSource.java:317)
	at org.sonar.db.DefaultDatabase.checkConnection(DefaultDatabase.java:115)
	... 25 common frames omitted
Caused by: com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Unexpected rethrowing".
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.terminate(SQLServerConnection.java:3208)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1916)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2760)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2418)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2265)
	at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1291)
	at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:881)
	at org.apache.commons.dbcp2.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:55)
	at org.apache.commons.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:355)
	at org.apache.commons.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:115)
	at org.apache.commons.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:665)
	... 30 common frames omitted
Caused by: javax.net.ssl.SSLException: Unexpected rethrowing
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.microsoft.sqlserver.jdbc.TDSChannel.enableSSL(IOBuffer.java:1824)
	... 39 common frames omitted
Caused by: java.io.IOException: Connection reset by peer (Write failed) ClientConnectionId:fda5b1eb-6cf4-4dd5-9232-2551a44722c1
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.ensureSSLPayload(IOBuffer.java:796)
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.readInternal(IOBuffer.java:856)
	at com.microsoft.sqlserver.jdbc.TDSChannel$SSLHandshakeInputStream.read(IOBuffer.java:849)
	at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.readInternal(IOBuffer.java:1019)
	at com.microsoft.sqlserver.jdbc.TDSChannel$ProxyInputStream.read(IOBuffer.java:1009)
	at java.base/sun.security.ssl.SSLSocketInputRecord.read(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketInputRecord.readHeader(Unknown Source)
	at java.base/sun.security.ssl.SSLSocketInputRecord.decode(Unknown Source)
	... 45 common frames omitted
2021.05.14 20:26:57 WARN  web[][o.a.c.l.WebappClassLoaderBase] The web application [ROOT] appears to have started a thread named [pool-1-thread-1] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:\n java.base@11.0.11/sun.nio.ch.EPoll.wait(Native Method)\n java.base@11.0.11/sun.nio.ch.EPollSelectorImpl.doSelect(Unknown Source)\n java.base@11.0.11/sun.nio.ch.SelectorImpl.lockAndDoSelect(Unknown Source)\n java.base@11.0.11/sun.nio.ch.SelectorImpl.select(Unknown Source)\n app//org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:343)\n app//org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:221)\n app//org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64)\n java.base@11.0.11/java.lang.Thread.run(Unknown Source)
2021.05.14 20:26:57 WARN  web[][o.a.c.l.WebappClassLoaderBase] The web application [ROOT] appears to have started a thread named [I/O dispatcher 1] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:\n java.base@11.0.11/sun.nio.ch.EPoll.wait(Native Method)\n java.base@11.0.11/sun.nio.ch.EPollSelectorImpl.doSelect(Unknown Source)\n java.base@11.0.11/sun.nio.ch.SelectorImpl.lockAndDoSelect(Unknown Source)\n java.base@11.0.11/sun.nio.ch.SelectorImpl.select(Unknown Source)\n app//org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:255)\n app//org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)\n app//org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)\n java.base@11.0.11/java.lang.Thread.run(Unknown Source)
2021.05.14 20:27:02 INFO  web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2021.05.14 20:27:02 INFO  web[][o.s.p.ProcessEntryPoint] Hard stopping process
2021.05.14 20:56:54 INFO  es[][o.e.m.j.JvmGcMonitorService] [gc][1947] overhead, spent [473ms] collecting in the last [1s]

Details

  • DockerHub SonarQube 8.7-community container running in Azure Kubernetes Service
  • External Azure SQL Database (public)

These are the deployment, persistent volume, service and ingress yml resources I’m using:

Deployment.yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonar-deployment
  namespace: sonarqube
  labels:
    app: sonar-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonar-deployment
  template:
    metadata:
      labels:
        app: sonar-deployment
    spec:
      terminationGracePeriodSeconds: 15
      containers:
      - name: sonarqube
        image: sonarqube:8.7-community
        ports:
        - containerPort: 9000
        env:
        - name: SONAR_JDBC_USERNAME
          valueFrom:
            secretKeyRef:
              name: secret-sonar-bd
              key: username
        - name: SONAR_JDBC_PASSWORD
          valueFrom:
            secretKeyRef:
              name: secret-sonar-bd
              key: password
        - name: SONAR_JDBC_URL
          valueFrom:
            secretKeyRef:
              name: secret-sonar-bd
              key: url
        - name: SONAR_ES_BOOTSTRAP_CHECKS_DISABLE
          value: "true"
        resources:
         limits:
           cpu: "60m"
           memory: "3000Mi"
         requests:
           cpu: "10m"
           memory: "2000Mi"
        volumeMounts:
         - name: sonarqube-data
           mountPath: /opt/sonarqube/extensions
           subPath: extensions
         - name: sonarqube-data
           mountPath: /opt/sonarqube/data
           subPath: data
      volumes:
      - name: sonarqube-data
        persistentVolumeClaim:
           claimName: sonar-data-claim

Secret used in deployment:

kubectl create secret generic secret-sonar-bd --from-literal=username='user2021' --from-literal=password='user2021' --from-literal=url='jdbc:sqlserver://sql-server.database.windows.net:1433;database=SonarQube-DB;user=user2021@sql-server;password=user2021;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;' -n sonarqube

PersistentVolume.yml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-data-claim
  namespace: sonarqube
spec:
  accessModes:
  - ReadWriteOnce
  resources:
   requests:
    storage: 5Gi

Service.yml

apiVersion: v1
kind: Service
metadata:
  name: sonar-svc
  namespace: sonarqube
  labels:
    name: sonar-svc
spec:
  ports:
  - protocol: TCP
    port: 80
    targetPort: 9000
  selector:
    app: sonar-deployment

Ingress.yml

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/proxy-body-size: 200m
  name: ingress-tls
  namespace: sonarqube
spec:
  rules:
    - http:
        paths:
          - path: /sonarqube/
            backend:
              serviceName: sonar-svc
              servicePort: 80

I tried only using Service as LoadBalancer instead of Ingress to check if it did work, but it didn’t.

Steps to reproduce

Create an AKS instance and a external Azure SQL Database. Then deploy Sonarqube 8.7-community image into AKS and try connection with database, configurating environment variables in deployment.yml

Hi @gabrielg ,

did you already verify that the SQ pod is allowed to connect to this Azure SQL Database? Is there some kind of Firewall or Proxy in play here?

Apart from that i did a quick search for this specific driver error, and it could be related to the cipher suite that azure is using, can you force the connection to TLSv1 ( jdbc:sqlserver://sql-server.database.windows.net:1433;database=SonarQube-DB;user=user2021@sql-server;password=user2021;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;sslProtocol=TLSv1; ) and see if the error persists? there is a document in the microsoft documentation that explains some more workarounds here. This is unlikely as we ship a version of the jdbc driver that should already include a fix for this and outside k8s it is working, but it’s still worth a try.