SonarQube Liveness probe failed after helm chart update to version 6.0.1+425

totobaa · November 9, 2022, 2:27pm

wget ignores no_proxy variable and connects to proxy server. So the liveness probe will fail and the pod will be restarted after a few minutes.

kubectl exec -n sonarqube-enterprise sonarqube-enterprise-app-sonarqube-0 -it -- /bin/bash
> host="$(hostname -i || echo '127.0.0.1')"
> no_proxy=$host
> wget -O- --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE"  http://${host}:9000/api/system/liveness
> Connecting to my-proxy:3128 (10.0.0.2:3128)

leo.geoffroy · November 10, 2022, 4:39pm

Hello @totobaa ,

Welcome to the community!

Could you explain a bit more into details what is the issue you are facing? How do you set http_proxy, https_proxy, no_proxy in the helm chart ?

In your example, what are the value of host and no_proxy and http_proxy ?
Have you tried with export no_proxy=$host as it supposed to be an environment variable?

totobaa · November 11, 2022, 6:37am

I think the busybox wget ignores the no_proxy variable and send every request to the proxy if configured. It would also send the request the request to the proxy when host → localhost

For the application SonarQube we set these variables in the helm chart

sonarProperties
    http.proxyHost: proxy.example.com
    http.proxyPort: 3128
    https.proxyHost: proxy.example.com
    https.proxyPort: 3128
    http.nonProxyHosts: localhost|127.*|[::1]||<some_internal_domains

We use the PodPreset tool from the RedHat CoP which mounts a config map of proxy variables in each pod.

Environment variables:

HTTPS_PROXY=http://proxy.example.com:3128
HTTP_PROXY=http://proxy.example.com:3128
https_proxy=http://proxy.example.com:3128
http_proxy=http://proxy.example.com:3128
no_proxy=10.10.0.0/21,10.194.48.0/21,localhost,127.0.0.1,169.254.169.254,169.254.170.2,.internal,.eu-central-1.eks.amazonaws.com,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,.svc,.svc.cluster,.svc.cluster.local
NO_PROXY=10.10.0.0/21,10.194.48.0/21,localhost,127.0.0.1,169.254.169.254,169.254.170.2,.internal,.eu-central-1.eks.amazonaws.com,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,.svc,.svc.cluster,.svc.cluster.local

I tried it with export no_proxy=$host but it did not work.

Values from my example:
host=10.194.50.171
no_proxy=10.194.50.171
http_proxy=http://proxy.company-name.de:3128

leo.geoffroy · November 11, 2022, 3:39pm

Hello @totobaa

Thank you for the additional information.
I don’t believe we fully support the injection of environment variables directly into the pod for the helm chart.
But as you suggested, it seems that busybox wget doesn’t support the no_proxy environment variable.

I have created a ticket to improve our docker image so it would be possible to use this environment variable with wget.

As a workaround, you can:

Disable PodPreset for that specific pod, since the traffic within sonarqube will use the values from http.proxyHost and https.proxyHost in sonar.properties
Update the liveness probe to disable http proxy for that specific command:
http_proxy= wget -O- --header="X-Sonar-Passcode: $SONAR_WEB_SYSTEMPASSCODE" http://${host}:9000/api/system/liveness

totobaa · November 21, 2022, 1:47pm

Thank you for the quick reply.

If the pod does not need the proxy variables then I will disable the injection of these variables.