Проблема с установкой SonarQube — «Не удалось распаковать плагин [python]»… «Операция не разрешена»
У меня возникла проблема: сообщество SonarQube 10.1.0 впервые с трудом запускается.
Я настроил его с помощью Kubernetes (K3s v1.27.1) и адаптировал официальную диаграмму SonarQube Helm, чтобы иметь возможность использовать его в своей собственной инфраструктуре и иметь больше контроля.
Журналы
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [aggregations]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [analysis-common]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [apm]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [blob-cache]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [lang-painless]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [old-lucene-versions]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [parent-join]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [reindex]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [transport-netty4]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [x-pack-aggregate-metric]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [x-pack-core]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [x-pack-profiling]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] loaded module [x-pack-security]
2023.07.02 21:55:21 INFO es[][o.e.p.PluginsService] no plugins loaded
2023.07.02 21:55:24 INFO es[][o.e.e.NodeEnvironment] using [1] data paths, mounts [[/opt/sonarqube/data (10.0.1.1:/mnt/ZPool1/Kubernetes/cluster0/personal-19/sonarqube/data)]], net usable_space [4.7tb], net total_space [4.7tb], types [nfs4]
2023.07.02 21:55:24 INFO es[][o.e.e.NodeEnvironment] heap size [512mb], compressed ordinary object pointers [true]
2023.07.02 21:55:24 INFO es[][o.e.n.Node] node name [sonarqube], node ID [lKa0DhO4Ss2jrx089YgiuA], cluster name [sonarqube], roles [ml, data_hot, transform, data_content, data_warm, master, remote_cluster_client, data, data_cold, ingest, data_frozen]
2023.07.02 21:55:24 INFO es[][o.e.x.p.ProfilingPlugin] Profiling is enabled
2023.07.02 21:55:24 INFO es[][o.e.x.s.Security] Security is disabled
2023.07.02 21:55:24 INFO es[][o.e.t.n.NettyAllocator] creating NettyAllocator with the following configs: [name=unpooled, suggested_max_allocation_size=1mb, factors={es.unsafe.use_unpooled_allocator=null, g1gc_enabled=true, g1gc_region_size=4mb, heap_size=512mb}]
2023.07.02 21:55:24 INFO es[][o.e.i.r.RecoverySettings] using rate limit [40mb] with [default=40mb, read=0b, write=0b, max=0b]
2023.07.02 21:55:24 INFO es[][o.e.d.DiscoveryModule] using discovery type [single-node] and seed hosts providers [settings]
2023.07.02 21:55:25 INFO es[][o.e.n.Node] initialized
2023.07.02 21:55:25 INFO es[][o.e.n.Node] starting ...
2023.07.02 21:55:25 INFO es[][o.e.t.TransportService] publish_address {127.0.0.1:35691}, bound_addresses {127.0.0.1:35691}
2023.07.02 21:55:25 INFO es[][o.e.b.BootstrapChecks] explicitly enforcing bootstrap checks
2023.07.02 21:55:25 WARN es[][o.e.c.c.ClusterBootstrapService] this node is locked into cluster UUID [HDZkyFIkRi2sp_BveAdgVg] but [cluster.initial_master_nodes] is set to [sonarqube]; remove this setting to avoid possible data loss caused by subsequent cluster bootstrap attempts; for further information see https://www.elastic.co/guide/en/elasticsearch/reference/8.7/important-settings.html#initial_master_nodes
2023.07.02 21:55:25 INFO es[][o.e.c.s.MasterService] elected-as-master ([1] nodes joined)[_FINISH_ELECTION_, {sonarqube}{lKa0DhO4Ss2jrx089YgiuA}{nLZiwfHqTwyq1R1mRHYZJA}{sonarqube}{127.0.0.1}{127.0.0.1:35691}{cdfhilmrstw}{8.7.0} completing election], term: 4, version: 14, delta: master node changed {previous [], current [{sonarqube}{lKa0DhO4Ss2jrx089YgiuA}{nLZiwfHqTwyq1R1mRHYZJA}{sonarqube}{127.0.0.1}{127.0.0.1:35691}{cdfhilmrstw}{8.7.0}]}
2023.07.02 21:55:26 INFO es[][o.e.c.s.ClusterApplierService] master node changed {previous [], current [{sonarqube}{lKa0DhO4Ss2jrx089YgiuA}{nLZiwfHqTwyq1R1mRHYZJA}{sonarqube}{127.0.0.1}{127.0.0.1:35691}{cdfhilmrstw}{8.7.0}]}, term: 4, version: 14, reason: Publication{term=4, version=14}
2023.07.02 21:55:26 INFO es[][o.e.r.s.FileSettingsService] starting file settings watcher ...
2023.07.02 21:55:26 INFO es[][o.e.r.s.FileSettingsService] file settings service up and running [tid=30]
2023.07.02 21:55:26 INFO es[][o.e.h.AbstractHttpServerTransport] publish_address {127.0.0.1:9001}, bound_addresses {127.0.0.1:9001}
2023.07.02 21:55:26 INFO es[][o.e.c.c.NodeJoinExecutor] node-join: [{sonarqube}{lKa0DhO4Ss2jrx089YgiuA}{nLZiwfHqTwyq1R1mRHYZJA}{sonarqube}{127.0.0.1}{127.0.0.1:35691}{cdfhilmrstw}{8.7.0}] with reason [completing election]
2023.07.02 21:55:26 INFO es[][o.e.n.Node] started {sonarqube}{lKa0DhO4Ss2jrx089YgiuA}{nLZiwfHqTwyq1R1mRHYZJA}{sonarqube}{127.0.0.1}{127.0.0.1:35691}{cdfhilmrstw}{8.7.0}{xpack.installed=true, rack_id=sonarqube}
2023.07.02 21:55:26 INFO es[][o.e.l.LicenseService] license [bdd74327-7981-4b82-af56-5b0a01c50f5a] mode [basic] - valid
2023.07.02 21:55:26 INFO es[][o.e.g.GatewayService] recovered [0] indices into cluster_state
2023.07.02 21:55:26 INFO app[][o.s.a.SchedulerImpl] Process[es] is up
2023.07.02 21:55:26 INFO app[][o.s.a.ProcessLauncherImpl] Launch process[WEB_SERVER] from [/opt/sonarqube]: /opt/java/openjdk/bin/java -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djava.io.tmpdir=/opt/sonarqube/temp -XX:-OmitStackTraceInFastThrow --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED --add-exports=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/sun.nio.ch=ALL-UNNAMED --add-opens=java.management/sun.management=ALL-UNNAMED --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Dcom.redhat.fips=false -Xmx512m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttp.nonProxyHosts=localhost|127.*|[::1] -cp ./lib/sonar-application-10.1.0.73491.jar:/opt/sonarqube/lib/jdbc/postgresql/postgresql-42.6.0.jar org.sonar.server.app.WebServer /opt/sonarqube/temp/sq-process9317971875660968072properties
2023.07.02 21:55:26 INFO es[][o.e.h.n.s.HealthNodeTaskExecutor] Node [{sonarqube}{lKa0DhO4Ss2jrx089YgiuA}] is selected as the current health node.
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by org.sonar.process.PluginSecurityManager (file:/opt/sonarqube/lib/sonar-application-10.1.0.73491.jar)
WARNING: Please consider reporting this to the maintainers of org.sonar.process.PluginSecurityManager
WARNING: System::setSecurityManager will be removed in a future release
2023.07.02 21:55:26 INFO web[][o.s.p.ProcessEntryPoint] Starting Web Server
2023.07.02 21:55:27 INFO web[][o.s.s.p.LogServerVersion] SonarQube Server / 10.1.0.73491 / 53c01c35c264c7e3d76cf5fb955de406f36b115e
2023.07.02 21:55:27 INFO web[][o.s.d.DefaultDatabase] Create JDBC data source for jdbc:postgresql://postgresql-service:5432/sonarqube
2023.07.02 21:55:27 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Starting...
2023.07.02 21:55:27 INFO web[][c.z.h.p.HikariPool] HikariPool-1 - Added connection org.postgresql.jdbc.PgConnection@73a00e09
2023.07.02 21:55:27 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Start completed.
2023.07.02 21:55:28 INFO web[][o.s.s.p.ServerFileSystemImpl] SonarQube home: /opt/sonarqube
2023.07.02 21:55:28 INFO web[][o.s.s.u.SystemPasscodeImpl] System authentication by passcode is disabled
2023.07.02 21:55:29 INFO web[][o.s.s.p.ServerPluginManager] Deploy C# Code Quality and Security / 9.3.0.71466 / e47cf88a6286a446a098754e5775535a330f58d7
<<Omitted lines for character limit>>
2023.07.02 21:55:29 INFO web[][o.s.s.p.ServerPluginManager] Deploy XML Code Quality and Security / 2.8.1.4006 / 80e5629b173cd7a47c04e97cbe1a263db84ff844
2023.07.02 21:55:29 WARN web[][o.s.c.a.AnnotationConfigApplicationContext] Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@61a88b8c-org.sonar.server.plugins.ServerPluginManager': Initialization of bean failed; nested exception is java.lang.IllegalStateException: Fail to unzip plugin [python] /opt/sonarqube/lib/extensions/sonar-python-plugin-4.3.0.11660.jar to /opt/sonarqube/data/web/deploy/plugins/python
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jdk.internal.loader.ClassLoaders$AppClassLoader@61a88b8c-org.sonar.server.plugins.ServerPluginManager': Initialization of bean failed; nested exception is java.lang.IllegalStateException: Fail to unzip plugin [python] /opt/sonarqube/lib/extensions/sonar-python-plugin-4.3.0.11660.jar to /opt/sonarqube/data/web/deploy/plugins/python
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:628)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:920)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
at org.sonar.core.platform.SpringComponentContainer.startComponents(SpringComponentContainer.java:187)
at org.sonar.server.platform.platformlevel.PlatformLevel.start(PlatformLevel.java:80)
at org.sonar.server.platform.platformlevel.PlatformLevel2.start(PlatformLevel2.java:101)
at org.sonar.server.platform.PlatformImpl.start(PlatformImpl.java:214)
at org.sonar.server.platform.PlatformImpl.startLevel2Container(PlatformImpl.java:186)
at org.sonar.server.platform.PlatformImpl.init(PlatformImpl.java:80)
at org.sonar.server.platform.web.PlatformServletContextListener.contextInitialized(PlatformServletContextListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4494)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:4946)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(Unknown Source)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:871)
at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:795)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1332)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1322)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
at java.base/java.util.concurrent.AbstractExecutorService.submit(Unknown Source)
at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:871)
at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:249)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardService.startInternal(StandardService.java:428)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:917)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.sonar.server.app.EmbeddedTomcat.start(EmbeddedTomcat.java:71)
at org.sonar.server.app.WebServer.start(WebServer.java:55)
at org.sonar.process.ProcessEntryPoint.launch(ProcessEntryPoint.java:97)
at org.sonar.process.ProcessEntryPoint.launch(ProcessEntryPoint.java:81)
at org.sonar.server.app.WebServer.main(WebServer.java:104)
Caused by: java.lang.IllegalStateException: Fail to unzip plugin [python] /opt/sonarqube/lib/extensions/sonar-python-plugin-4.3.0.11660.jar to /opt/sonarqube/data/web/deploy/plugins/python
at org.sonar.server.plugins.ServerPluginJarExploder.explode(ServerPluginJarExploder.java:60)
at java.base/java.util.stream.ReferencePipeline$3$1.accept(Unknown Source)
at java.base/java.util.HashMap$ValueSpliterator.forEachRemaining(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.copyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluate(Unknown Source)
at java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.toArray(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.toArray(Unknown Source)
at java.base/java.util.stream.ReferencePipeline.toList(Unknown Source)
at org.sonar.server.plugins.ServerPluginManager.extractPlugins(ServerPluginManager.java:86)
at org.sonar.server.plugins.ServerPluginManager.start(ServerPluginManager.java:65)
at org.sonar.core.platform.StartableBeanPostProcessor.postProcessBeforeInitialization(StartableBeanPostProcessor.java:33)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1796)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:620)
... 44 common frames omitted
Caused by: java.nio.file.FileSystemException: /opt/sonarqube/data/web/deploy/plugins/python/sonar-python-plugin-4.3.0.11660.jar: Operation not permitted
at java.base/sun.nio.fs.UnixException.translateToIOException(Unknown Source)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
at java.base/sun.nio.fs.UnixException.rethrowAsIOException(Unknown Source)
at java.base/sun.nio.fs.UnixCopyFile.copyFile(Unknown Source)
at java.base/sun.nio.fs.UnixCopyFile.copy(Unknown Source)
at java.base/sun.nio.fs.UnixFileSystemProvider.copy(Unknown Source)
at java.base/java.nio.file.Files.copy(Unknown Source)
at org.apache.commons.io.FileUtils.copyFile(FileUtils.java:850)
at org.apache.commons.io.FileUtils.copyFile(FileUtils.java:756)
at org.sonar.server.plugins.ServerPluginJarExploder.explode(ServerPluginJarExploder.java:56)
... 59 common frames omitted
2023.07.02 21:55:29 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown initiated...
2023.07.02 21:55:29 INFO web[][c.z.h.HikariDataSource] HikariPool-1 - Shutdown completed.
2023.07.02 21:55:29 INFO web[][o.s.s.a.EmbeddedTomcat] HTTP connector enabled on port 9000
2023.07.02 21:55:29 INFO web[][o.s.p.ProcessEntryPoint] Hard stopping process
2023.07.02 21:55:29 INFO app[][o.s.a.SchedulerImpl] Process[Web Server] is stopped
2023.07.02 21:55:29 WARN app[][o.s.a.p.AbstractManagedProcess] Process exited with exit value [ElasticSearch]: 143
2023.07.02 21:55:29 INFO app[][o.s.a.SchedulerImpl] Process[ElasticSearch] is stopped
2023.07.02 21:55:29 INFO app[][o.s.a.SchedulerImpl] SonarQube is stopped
Я не могу найти много информации об этом в Интернете или даже не знаю, что именно искать в данный момент. Похоже, что это проблема с разрешениями файловой системы, однако я не могу найти проблемы, вплоть до установки всех исходных файлов контейнера в/opt/sonarqube/*к777сownerиgroupсуществование .
Соседний?
Я использую NFS в качестве серверной части хранилища через заявки на постоянные тома K8 и подозреваю, что это может быть связано с проблемами, но не могу определить, почему.
На странице установки сервера я вижу :
Это предупреждение о настройках, связанных с хранилищем, заставляет меня подозревать, что оно как-то связано с моей настройкой хранилища, но, опять же, я не могу понять, почему или даже почему при привязке монтирования с использованием непосредственно Docker возникают проблемы. Также аналогично развертыванию SonarQube в Kubernetes , в котором упоминаются известные проблемы в службе Azure Kubernetes с PVC Fileshare.
Попытки отладки
Просматривая логи:
Смотря на:nested exception is java.lang.IllegalStateException: Fail to unzip plugin [python] /opt/sonarqube/lib/extensions/sonar-python-plugin-4.3.0.11660.jar to /opt/sonarqube/data/web/deploy/plugins/python
я могу пойти в/opt/sonarqube/lib/extensions/и посмотреть:
sonarqube@sonarqube-deployment-cff8497f8-5mbrb:/opt/sonarqube$ ls -AGhl lib/extensions
total 144M
-r-xr-xr-x 1 root 9.0M Jun 20 13:44 sonar-cayc-plugin-2.0.0.334.jar
-r-xr-xr-x 1 root 28K Jun 20 13:44 sonar-config-plugin-1.2.0.267.jar
-r-xr-xr-x 1 root 4.9M Jun 20 13:44 sonar-csharp-plugin-9.3.0.71466.jar
-r-xr-xr-x 1 root 1.2M Jun 20 13:44 sonar-flex-plugin-2.9.0.3375.jar
-r-xr-xr-x 1 root 7.7M Jun 20 13:44 sonar-go-plugin-1.13.0.4374.jar
-r-xr-xr-x 1 root 528K Jun 20 13:44 sonar-html-plugin-3.8.0.3510.jar
-r-xr-xr-x 1 root 1.5M Jun 20 13:44 sonar-iac-plugin-1.17.0.3976.jar
-r-xr-xr-x 1 root 23K Jun 20 13:44 sonar-jacoco-plugin-1.3.0.1538.jar
-r-xr-xr-x 1 root 18M Jun 20 13:44 sonar-java-plugin-7.20.0.31692.jar
-r-xr-xr-x 1 root 20M Jun 20 13:44 sonar-javascript-plugin-10.3.1.21905.jar
-r-xr-xr-x 1 root 36M Jun 20 13:44 sonar-kotlin-plugin-2.15.0.2579.jar
-r-xr-xr-x 1 root 5.5M Jun 20 13:44 sonar-php-plugin-3.30.0.9766.jar
-r-xr-xr-x 1 root 8.0M Jun 20 13:44 sonar-python-plugin-4.3.0.11660.jar
-r-xr-xr-x 1 root 14M Jun 20 13:44 sonar-ruby-plugin-1.13.0.4374.jar
-r-xr-xr-x 1 root 13M Jun 20 13:44 sonar-scala-plugin-1.13.0.4374.jar
-r-xr-xr-x 1 root 112K Jun 20 13:44 sonar-text-plugin-2.1.0.1163.jar
-r-xr-xr-x 1 root 4.3M Jun 20 13:44 sonar-vbnet-plugin-9.3.0.71466.jar
-r-xr-xr-x 1 root 2.4M Jun 20 13:44 sonar-xml-plugin-2.8.1.4006.jar
Все файлы доступны для чтения пользователю.
я могу пойти в/opt/sonarqube/data/web/deploy/plugins/и посмотреть:
sonarqube@sonarqube-deployment-cff8497f8-5mbrb:/opt/sonarqube$ stat /opt/sonarqube/data/web/deploy/plugins/python/
File: /opt/sonarqube/data/web/deploy/plugins/python/
Size: 2 Blocks: 1 IO Block: 1048576 directory
Device: 31h/49d Inode: 65074 Links: 2
Access: (0777/drwxrwxrwx) Uid: ( 1000/sonarqube) Gid: ( 1000/sonarqube)
Access: 2023-07-02 21:55:59.219114423 +0000
Modify: 2023-07-02 21:55:59.395114311 +0000
Change: 2023-07-02 22:35:24.553474386 +0000
Birth: -
Таким образом, каталог доступен для записи всем пользователям.
Я считаю, что Java-приложение должно работать под управлениемsonarqubeпользователь, поэтому я не понимаю, почему здесь может возникнуть проблема.
Декларации Кубернетеса
Развертывание (в конце концов я буду использовать StatefulSet...)
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube-deployment
namespace: personal-19
labels:
app: sonarqube
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
strategy:
type: Recreate
template:
metadata:
labels:
app: sonarqube
app-group: sonarqube
spec:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
topologyKey: "kubernetes.io/hostname"
labelSelector:
matchExpressions:
- key: app-group
operator: In
values:
- sonarqube
initContainers:
- name: set-sysctl-options
image: docker.io/busybox:1.32
command: [ "/bin/sh", "-c" ]
args:
- |
if [[ "$(sysctl -n vm.max_map_count)" -lt 524288 ]]; then
sysctl -w vm.max_map_count=524288
fi
if [[ "$(sysctl -n fs.file-max)" -lt 131072 ]]; then
sysctl -w fs.file-max=131072
fi
if [[ "$(ulimit -n)" != "unlimited" ]]; then
if [[ "$(ulimit -n)" -lt 131072 ]]; then
echo "ulimit -n 131072"
ulimit -n 131072
fi
fi
if [[ "$(ulimit -u)" != "unlimited" ]]; then
if [[ "$(ulimit -u)" -lt 8192 ]]; then
echo "ulimit -u 8192"
ulimit -u 8192
fi
fi
securityContext:
privileged: true
# runAsUser: 1000
# runAsGroup: 1000
# readOnlyRootFilesystem: false
- name: reset-filesystem-permissions
image: docker.io/ubuntu:23.04
command: [ "/bin/sh", "-c" ]
args:
- |
chown -R 1000:1000 /opt/sonarqube
chmod -R 777 /opt/sonarqube
volumeMounts:
- name: sonarqube-volume-data
mountPath: /opt/sonarqube/data/
- name: sonarqube-volume-extensions
mountPath: /opt/sonarqube/extensions/
- name: sonarqube-volume-logs
mountPath: /opt/sonarqube/logs/
containers:
- name: sonarqube
image: docker.io/sonarqube:10.1.0-community
imagePullPolicy: Always
# command: [ "sleep", "infinity" ]
# securityContext:
# privileged: true
# runAsUser: 1000
# runAsGroup: 1000
# readOnlyRootFilesystem: false
env:
- name: SONAR_JDBC_URL
value: 'jdbc:postgresql://postgresql-service:5432/sonarqube'
- name: SONAR_JDBC_USERNAME
valueFrom:
secretKeyRef:
name: personal-19-secrets
key: Database-User
- name: SONAR_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: personal-19-secrets
key: Database-Password
ports:
- protocol: TCP
containerPort: 9000
resources:
requests:
cpu: 500m
memory: 2Gi
limits:
cpu: 4000m
memory: 8Gi
volumeMounts:
- name: sonarqube-volume-data
mountPath: /opt/sonarqube/data/
- name: sonarqube-volume-extensions
mountPath: /opt/sonarqube/extensions/
- name: sonarqube-volume-logs
mountPath: /opt/sonarqube/logs/
terminationGracePeriodSeconds: 3600
volumes:
- name: sonarqube-volume-data
persistentVolumeClaim:
claimName: sonarqube-volumeclaim-data
- name: sonarqube-volume-extensions
persistentVolumeClaim:
claimName: sonarqube-volumeclaim-extensions
- name: sonarqube-volume-logs
persistentVolumeClaim:
claimName: sonarqube-volumeclaim-logs
Хранилище
apiVersion: v1
kind: PersistentVolume
metadata:
name: personal-19-sonarqube-persistentvolume-data
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 10Gi
storageClassName: personal-19-sonarqube-storageclass-data
volumeMode: Filesystem
nfs:
server: 10.0.1.1
path: /mnt/ZPool1/Kubernetes/cluster0/personal-19/sonarqube/data/
mountOptions:
- nfsvers=4.2
- hard # `soft` may cause silent data corruption; `hard` requires requests to be retried indefinitely and is "not allowed to fail"
- async # `async` can always be used, as application can command when data is flushed to disk (Basic write-caching)
- proto=tcp
- timeo=10 # read & write request timeout (in tenths of a second)
- rsize=1048576 # the maximum number of bytes the client is allowed to request in a single read request
- wsize=1048576 # the maximum number of bytes the client is allowed to request in a single write request
- ac # enable file attribute caching
- noatime # do not need to update file access times
- nodiratime # do not need to update directory access times
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: personal-19-sonarqube-persistentvolume-extensions
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 10Gi
storageClassName: personal-19-sonarqube-storageclass-extensions
volumeMode: Filesystem
nfs:
server: 10.0.1.1
path: /mnt/ZPool1/Kubernetes/cluster0/personal-19/sonarqube/extensions/
mountOptions:
- nfsvers=4.2
- hard # `soft` may cause silent data corruption; `hard` requires requests to be retried indefinitely and is "not allowed to fail"
- async # `async` can always be used, as application can command when data is flushed to disk (Basic write-caching)
- proto=tcp
- timeo=10 # read & write request timeout (in tenths of a second)
- rsize=1048576 # the maximum number of bytes the client is allowed to request in a single read request
- wsize=1048576 # the maximum number of bytes the client is allowed to request in a single write request
- ac # enable file attribute caching
- noatime # do not need to update file access times
- nodiratime # do not need to update directory access times
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: personal-19-sonarqube-persistentvolume-logs
spec:
accessModes:
- ReadWriteMany
capacity:
storage: 10Gi
storageClassName: personal-19-sonarqube-storageclass-logs
volumeMode: Filesystem
nfs:
server: 10.0.1.1
path: /mnt/ZPool1/Kubernetes/cluster0/personal-19/sonarqube/logs/
mountOptions:
- nfsvers=4.2
- hard # `soft` may cause silent data corruption; `hard` requires requests to be retried indefinitely and is "not allowed to fail"
- async # `async` can always be used, as application can command when data is flushed to disk (Basic write-caching)
- proto=tcp
- timeo=10 # read & write request timeout (in tenths of a second)
- rsize=1048576 # the maximum number of bytes the client is allowed to request in a single read request
- wsize=1048576 # the maximum number of bytes the client is allowed to request in a single write request
- ac # enable file attribute caching
- noatime # do not need to update file access times
- nodiratime # do not need to update directory access times
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarqube-volumeclaim-data
namespace: personal-19
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: personal-19-sonarqube-storageclass-data
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarqube-volumeclaim-extensions
namespace: personal-19
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: personal-19-sonarqube-storageclass-extensions
volumeMode: Filesystem
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarqube-volumeclaim-logs
namespace: personal-19
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi
storageClassName: personal-19-sonarqube-storageclass-logs
volumeMode: Filesystem
Идеи?
Если у кого-то есть какие-либо идеи по поводу того, что я могу изучить, я буду очень признателен за любой вклад! Спасибо!