titan-iac/services/quality/sonarqube-deployment.yaml


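# services/quality/sonarqube-deployment.yaml
#
# Single-replica SonarQube Deployment in the `quality` namespace.
# - Database credentials are rendered by the Vault Agent injector into
#   /vault/secrets/sonarqube-db-env.sh and sourced by the container start
#   script; they are never written into this manifest.
# - The pod is pinned to arm64 / rpi5 worker nodes.
# - One PVC (`sonarqube-data`) backs data, extensions, logs and temp through
#   subPath mounts; an init container creates and chowns those directories.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarqube
  namespace: quality
  labels:
    app: sonarqube
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube
  template:
    metadata:
      labels:
        app: sonarqube
      annotations:
        vault.hashicorp.com/agent-inject: "true"
        # Vault role used by the injected agent. The policy bound to this role
        # should grant read on the sonarqube-db path below and nothing wider.
        vault.hashicorp.com/role: "quality"
        vault.hashicorp.com/agent-inject-secret-sonarqube-db-env.sh: "kv/data/atlas/quality/sonarqube-db"
        # NOTE(review): the rendered file is sourced by bash (see the sonarqube
        # container's args). The values are interpolated inside double quotes,
        # so a stored username/password containing `"`, `$`, a backtick or a
        # backslash is interpreted by the shell instead of being taken
        # literally. Treat write access to this KV path as equivalent to code
        # execution in the pod: keep it tightly scoped, and either constrain
        # the generated credential's character set or render the values
        # single-quoted with embedded quotes escaped.
        vault.hashicorp.com/agent-inject-template-sonarqube-db-env.sh: |
          {{- with secret "kv/data/atlas/quality/sonarqube-db" -}}
          export SONAR_JDBC_USERNAME="{{ .Data.data.username }}"
          export SONAR_JDBC_PASSWORD="{{ .Data.data.password }}"
          {{- end -}}
    spec:
      # Presumably also the identity the Vault agent authenticates with, so
      # the service-account token must stay mounted - TODO confirm against the
      # Vault Kubernetes auth role binding.
      serviceAccountName: sonarqube
      nodeSelector:
        node-role.kubernetes.io/worker: "true"
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              # Both expressions sit in one term, so they are ANDed.
              - matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values: ["arm64"]
                  - key: hardware
                    operator: In
                    values: ["rpi5"]
          # Redundant with the required term above (hardware=rpi5 is already
          # mandatory); kept unchanged so scheduling behaviour is identical.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: hardware
                    operator: In
                    values: ["rpi5"]
      initContainers:
        # Creates the four subPath directories on the PVC and hands them to
        # UID/GID 1000. No runAsUser is set, so this runs as the busybox
        # image's default user; it needs to be root for the chown to succeed.
        - name: prepare-volume-permissions
          # NOTE(review): mutable tag. Pin by digest
          # (busybox:1.36@sha256:<digest>) so every node runs the same image.
          image: busybox:1.36
          command:
            - /bin/sh
            - -ec
            - |
              mkdir -p /opt/sonarqube/data /opt/sonarqube/extensions /opt/sonarqube/logs /opt/sonarqube/temp
              chown -R 1000:1000 /opt/sonarqube
          securityContext:
            # mkdir/chown need no privilege gain beyond the starting user.
            allowPrivilegeEscalation: false
          volumeMounts:
            # Whole PVC root is mounted here so the subdirectories can be
            # created; the main container only sees the individual subPaths.
            - name: sonarqube-data
              mountPath: /opt/sonarqube
      containers:
        - name: sonarqube
          # NOTE(review): `lts-community` is a moving tag, and with
          # IfNotPresent a node keeps whatever it pulled first, so the running
          # version depends on the node. Pin by digest
          # (sonarqube:lts-community@sha256:<digest>) for reproducible and
          # auditable rollouts.
          image: sonarqube:lts-community
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
            - -ec
          args:
            # Source the Vault-rendered credentials, then hand over to the
            # image's own entrypoint. `set -e` makes a missing or broken
            # secrets file fail the container instead of starting SonarQube
            # without database credentials.
            - |
              set -euo pipefail
              . /vault/secrets/sonarqube-db-env.sh
              exec /opt/sonarqube/docker/entrypoint.sh
          env:
            # NOTE(review): no TLS parameters (e.g. sslmode) are set on the
            # JDBC URL, so the database connection is presumably unencrypted
            # inside the cluster - confirm this matches the Postgres policy.
            - name: SONAR_JDBC_URL
              value: jdbc:postgresql://postgres-service.postgres.svc.cluster.local:5432/sonarqube
            # Skips the embedded Elasticsearch bootstrap checks.
            - name: SONAR_ES_BOOTSTRAP_CHECKS_DISABLE
              value: "true"
            # Listen on all pod interfaces; exposure is then decided by the
            # Service / Ingress / NetworkPolicy in front of the pod.
            - name: SONAR_WEB_HOST
              value: "0.0.0.0"
          securityContext:
            # Blocks setuid/file-capability based privilege gain inside the
            # container. Further hardening (runAsNonRoot with runAsUser: 1000,
            # capabilities.drop: ["ALL"]) should be verified against the image
            # before being enabled.
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 9000
              name: http
          # NOTE(review): httpGet probes only look at the HTTP status code, not
          # the JSON body - confirm this endpoint fails while SonarQube is
          # still starting, otherwise readiness may flip too early.
          readinessProbe:
            httpGet:
              path: /api/system/status
              port: 9000
            initialDelaySeconds: 60
            timeoutSeconds: 5
            periodSeconds: 10
            failureThreshold: 12
          livenessProbe:
            httpGet:
              path: /api/system/status
              port: 9000
            initialDelaySeconds: 120
            timeoutSeconds: 5
            periodSeconds: 20
            failureThreshold: 6
          resources:
            requests:
              cpu: 500m
              memory: 2Gi
            limits:
              cpu: "2"
              memory: 4Gi
          volumeMounts:
            # Same PVC mounted four times, one subPath per writable directory.
            - name: sonarqube-data
              mountPath: /opt/sonarqube/data
              subPath: data
            - name: sonarqube-data
              mountPath: /opt/sonarqube/extensions
              subPath: extensions
            - name: sonarqube-data
              mountPath: /opt/sonarqube/logs
              subPath: logs
            - name: sonarqube-data
              mountPath: /opt/sonarqube/temp
              subPath: temp
      volumes:
        - name: sonarqube-data
          persistentVolumeClaim:
            claimName: sonarqube-data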