Безопасно ли устанавливать Helm-чарт SonarQube в существующей базе данных PostgreSQL? - PullRequest
/ 07 апреля 2020

Мне нужно установить Helm-чарт SonarQube так, чтобы данные хранились в PostgreSQL на внешнем сервере баз данных. Этот сервер баз данных уже используется, а чарт настроен, как показано ниже (IP-адрес и пароль изменены из соображений безопасности). Моя идея — создать базу данных sonarDB и установить чарт. Будет ли это безопасно, или есть риск?

# Default values for sonarqube.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Replica count handed to the chart's templates; a single instance here.
replicaCount: 1

# This will use the default deployment strategy unless it is overridden
# Empty mapping: nothing is overridden in this file.
deploymentStrategy: {}

# Container image for the SonarQube pod.
image:
  # No registry host is given, so the container runtime's default registry
  # is used to resolve this name.
  repository: sonarqube
  # NOTE(review): a tag can be re-pointed in the registry after the fact;
  # confirm whether this deployment needs the image pinned more strictly
  # (for example by digest, if the chart supports it).
  tag: 7.9.1-community
  # If using a private repository, the name of the imagePullSecret to use
  # pullSecret: my-repo-secret

# Set security context for sonarqube pod
# Only fsGroup is set; no runAsUser or runAsNonRoot appears in these values.
# NOTE(review): confirm which user the container actually runs as, since
# that is decided by the image and the chart templates, not by this file.
securityContext:
  fsGroup: 999

# Settings to configure elasticsearch host requirements
# NOTE(review): presumably configureNode lets the chart change kernel
# settings on the worker node, which typically needs a privileged init
# container — verify against the chart templates and the cluster's pod
# security rules before enabling it on a shared cluster.
elasticsearch:
  configureNode: true
  bootstrapChecks: true

# Kubernetes Service in front of the SonarQube pod.
service:
  # ClusterIP: the service is reachable on a cluster-internal address only.
  type: ClusterIP
  externalPort: 9000
  internalPort: 9000
  # Bare key: this parses as null, not as an empty mapping.
  labels:
  annotations: {}
  # May be used in example for internal load balancing in GCP:
  # cloud.google.com/load-balancer-type: Internal
  # NOTE(review): the 0.0.0.0/0 example below admits every source address;
  # narrow it to the intended client ranges before uncommenting.
  # loadBalancerSourceRanges:
  #   - 0.0.0.0/0
  # loadBalancerIP: 1.2.3.4
# Ingress settings for exposing SonarQube over HTTP(S).
ingress:
  # Disabled here; presumably the hosts/annotations/tls values below are
  # unused while this is false — confirm against the chart templates.
  enabled: false
  # Used to create an Ingress record.
  hosts:
    - name: sonar.organization.com
      # default paths for "/" and "/*" will be added
      path: /
      # If a different path is defined, that path and {path}/* will be added to the ingress resource
      # path: /sonarqube
  annotations: {}
  # kubernetes.io/ingress.class: nginx
  # kubernetes.io/tls-acme: "true"
  # This property allows for reports up to a certain size to be uploaded to SonarQube
  # nginx.ingress.kubernetes.io/proxy-body-size: "8m"

  # Additional labels for Ingress manifest file
  # (the two traffic-type lines are alternatives; a mapping cannot hold the
  # same key twice)
  # labels:
  #  traffic-type: external
  #  traffic-type: internal
  # Empty list: no TLS secret is configured for the ingress hosts.
  # NOTE(review): if the ingress is enabled, add a TLS entry so logins and
  # analysis tokens are not sent in clear text.
  tls: []
  # Secrets must be manually created in the namespace.
  # - secretName: chart-example-tls
  #   hosts:
  #     - chart-example.local

# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
# Empty mapping: no affinity rule is set in this file.
affinity: {}

# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
# Empty list: no toleration is set in this file.
tolerations: []

# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
# Empty mapping: no node label is required in this file.
nodeSelector: {}

# hostAliases allows the modification of the hosts file inside a container
# Empty list: no extra hosts-file entry is added.
hostAliases: []
# - ip: "192.168.1.10"
#   hostnames:
#   - "example.com"
#   - "www.example.com"

# Readiness probe timing and the web context path it is pointed at.
readinessProbe:
  initialDelaySeconds: 60
  periodSeconds: 30
  failureThreshold: 6
  # If an ingress *path* other than the root (/) is defined, it should be reflected here
  # A trailing "/" must be included
  sonarWebContext: /
  # sonarWebContext: /sonarqube/
# Liveness probe; same timing as the readiness probe, but no
# failureThreshold is set here.
livenessProbe:
  initialDelaySeconds: 60
  periodSeconds: 30
  # If an ingress *path* other than the root (/) is defined, it should be reflected here
  # A trailing "/" must be included
  sonarWebContext: /
  # sonarWebContext: /sonarqube/

# Set extra env variables. Like proxy settings.
# Empty mapping: no extra variable is passed in this file.
# NOTE(review): values placed here are plain text in the release values;
# keep credentials out of this mapping.
extraEnv: {}
  # If an ingress *path* is defined, it should be reflected here
  # sonar.web.context: /sonarqube

# Set annotations for pods
annotations: {}

# Empty mapping: no CPU or memory requests/limits are set in this file.
# NOTE(review): presumably the pod is then bounded only by namespace or
# node defaults — confirm that is acceptable on a shared cluster.
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
#  cpu: 100m
#  memory: 128Mi
# requests:
#  cpu: 100m
#  memory: 128Mi
# Persistent volume settings for the SonarQube pod.
persistence:
  ## false: no persistent volume claim is requested by these values.
  ## NOTE(review): presumably anything SonarQube keeps on local disk is then
  ## lost when the pod is replaced — confirm against the chart templates.
  enabled: false
  ## Set annotations on pvc
  annotations: {}

  ## Specify an existing volume claim instead of creating a new one.
  ## When using this option all following options like storageClass, accessMode and size are ignored.
  #existingClaim: gke-homolog-sonarqube

  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  ## Bare key: parses as null, i.e. the "set to null" case described above.
  storageClass:
  accessMode: ReadWriteOnce
  size: 10Gi

# List of plugins to install.
# For example:
plugins:
  install:
    # Each entry is a URL to a plugin jar.
    # NOTE(review): no checksum or signature accompanies these URLs, so the
    # deployment trusts whatever the hosts serve at install time. Plugin code
    # runs inside the SonarQube server, which also holds the database
    # credentials; consider mirroring the jars internally and checking them
    # against a known hash before they are installed.
    - "https://github.com/sleroy/sonar-slack-notifier-plugin/releases/download/2.5/cks-slack-notifier-2.5.jar"
    - "https://repo1.maven.org/maven2/org/sonarsource/java/sonar-java-plugin/5.14.0.18788/sonar-java-plugin-5.14.0.18788.jar"
#plugins:
  #install: []

  # initContainerImage: alpine:3.10.3
  # deleteDefaultPlugins: true
  #resources: {}
  # We allow the plugins init container to have a separate resources declaration because
  # the initContainer does not take as much resources.

# A custom sonar.properties file can be provided via dictionary.
# For example:
# sonarProperties:
#   sonar.forceAuthentication: true
#   sonar.security.realm: LDAP
#   ldap.url: ldaps://organization.com

# Additional sonar properties to load from a secret with a key "secret.properties" (must be a string)
# sonarSecretProperties:

# Kubernetes secret that contains the encryption key for the sonarqube instance.
# The secret must contain the key 'sonar-secret.txt'.
# The 'sonar.secretKeyPath' property will be set automatically.
# sonarSecretKey: "settings-encryption-secret"

# Optional replacement of the Java trust store (cacerts) from a secret.
customCerts:
  ## Enable to override the default cacerts with your own one
  ## false here; presumably secretName is ignored while disabled — confirm.
  enabled: false
  secretName: my-cacerts

## Configuration value to select database type
## Option to use "postgresql" or "mysql" database type, by default "postgresql" is chosen
## Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select
#database:
#  type: "postgresql"

## Configuration values for postgresql dependency
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
postgresql:
  # Enable to deploy the PostgreSQL chart
  # false here: no bundled PostgreSQL is deployed, and the values below
  # describe an external server that is already in use.
  enabled: false
  # To use an external PostgreSQL instance, set enabled to false and uncomment
  # the line below:
  # NOTE(review): no TLS/sslmode setting appears in this block; confirm how
  # the connection to the external server is protected on the network.
  postgresServer: "11.31.76.3"
  # To use an external secret for the password for an external PostgreSQL
  # instance, set enabled to false and provide the name of the secret on the
  # line below:
  # postgresPasswordSecret: ""
  # NOTE(review): "application" reads like a role shared with other workloads
  # on this server — confirm. A role created only for SonarQube, owning only
  # the sonarDB database and without superuser or CREATEDB rights, keeps its
  # schema changes and any SonarQube compromise away from the other databases.
  postgresUser: "application"
  # NOTE(review): a password written inline is plain text in this file and in
  # the values Helm stores with the release; the postgresPasswordSecret
  # option above references a Kubernetes Secret instead.
  postgresPassword: "pass123"
  # The question's plan is to create this database first; it is not created
  # by anything visible in these values.
  postgresDatabase: "sonarDB"
  # Specify the TCP port that PostgreSQL should use
  service:
    port: 5432

## Configuration values for the mysql dependency
## ref: https://github.com/kubernetes/charts/blob/master/stable/mysql/README.md
##
mysql:
  # Enable to deploy the mySQL chart
  # false here, and mysqlServer below is commented out.
  # NOTE(review): SonarQube 7.9 is documented as no longer supporting MySQL —
  # confirm this whole block is dead configuration for the image tag in use.
  enabled: false
  # To use an external mySQL instance, set enabled to false and uncomment
  # the line below:
  # mysqlServer: ""
  # To use an external secret for the password for an external mySQL instance,
  # set enabled to false and provide the name of the secret on the line below:
  # mysqlPasswordSecret: ""
  # Literal default credentials; presumably unused while MySQL is disabled.
  # NOTE(review): do not carry these values over if the block is ever enabled.
  mysqlUser: "sonarUser"
  mysqlPassword: "sonarPass"
  mysqlDatabase: "sonarDB"
  # mysqlParams:
  #   useSSL: "true"
  # Specify the TCP port that mySQL should use
  service:
    port: 3306
#
# Additional labels to add to the pods:
# podLabels:
#   key: value
# Empty mapping: no extra pod label is set in this file.
podLabels: {}
# For compatibility with 8.0 replace by "/opt/sq"
# Path matches the 7.9.1-community image tag selected in this file, per the
# compatibility note above.
sonarqubeFolder: /opt/sonarqube
...