I am looking to do a helm install of sonarqube 9.6.1 and I am looking to leverage AWS Secrets Manager along with Kubernetes external secrets to pull username/password and postgres url. What is the easiest way to implement this. I assume that I need to use extraConfig, but having an example to work with would be ideal.
I am looking to install sonarqube 9.6.1 where I am leveraging an external Postgresql database. All JDBC Overwrite values are stored in a kubernetes ExternalSecret tied to AWS Secrets Manager. My question is whether or not this is feasible as part of the install. If so is there an option to have the ExternalSecret created with the helm values.yaml file within the extraConfig property or is there another recommended approach. Any help would be greatly appreciated along with examples if possible.
thanks for reaching out, I’m happy to give you some suggestions
Assuming that your cluster has visibility of all the secrets managed through the AWS Secrets Manager, the best approach is to set some jdbcOverwrite parameters, specifically jdbcSecretName and jdbcSecretPasswordKey.
About your request of creating external secrets from our helm chart, this is something that goes beyond the scope of our chart: our goal is to define an environment that has sonarqube running reliably, while creating and managing secrets should be performed using other applications.
Thanks for the response Carmine. Can I set the other jdbcOverwrite parameters, such as jdbcUrl, jdbcUsername using the secrets managed through AWS Secrets Manager? Lastly I see that there is an option using extraConfig that appears to allow for creation of configmaps and secrets. Do you have any examples on how to leverage this feature. For example I want to create a few secrets.
Our helm chart does not require interaction with a specific vault technology, therefore, you might want to check on AWS how the secrets managed through the Secrets Manager are made available to the entire k8s cluster.
About the extraConfig value, you can inject existing secrets and/or configmaps in our chart using it. These Secrets/ConfigMaps are expected to contain Key/Value pairs, such as: