NO-JIRA add sonar compatible commit message

fix(securityContext sysctl): run the initSysctl initcontainer as root user for setting values add changelog to chart.yaml
SonarSource · Dec 8, 2023 · 9a24fc4 · 9a24fc4
1 parent e7176ff
commit 9a24fc4
Show file tree

Hide file tree

Showing 6 changed files with 11 additions and 1 deletion.
diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md
@@ -4,6 +4,7 @@ All changes to this chart will be documented in this file.
 ## [10.4.0]
 * Update Chart's version to 10.4.0
 * Improve the description of deprecated `ApplicationNodes.jvmOpts` and `ApplicationNodes.jvmCeOpts` values
+* Run the initSysctl init-container as root to prevent "permission denied" issues
 
 ## [10.3.0]
 * Upgrade SonarQube to 10.3.0
@@ -239,7 +240,7 @@ All changes to this chart will be documented in this file.
 * added link to community support forum
 
 ## [0.1.6]
-* fixed wrong scc user reference if name was explicitly set 
+* fixed wrong scc user reference if name was explicitly set
 
 ## [0.1.5]
 * fixed serviceaccount logic

diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml
@@ -31,6 +31,8 @@ annotations:
       description: "Update Chart's version to 10.4.0"
     - kind: fixed
       description: "Improve the description of deprecated 'ApplicationNodes.jvmOpts' and 'ApplicationNodes.jvmCeOpts' values"
+    - kind: changed
+      description: "Run the initSysctl init-container as root to prevent permission denied issues"
   artifacthub.io/links: |
     - name: support
       url: https://community.sonarsource.com/

diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml
@@ -461,6 +461,8 @@ initSysctl:
   securityContext:
     # Compatible with podSecurity standard privileged
     privileged: true
+    # if run without root permissions, error "sysctl: permission denied on key xxx, ignoring"
+    runAsUser: 0
   # resources: {}
 
 initFs:

diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md
@@ -4,6 +4,7 @@ All changes to this chart will be documented in this file.
 ## [10.4.0]
 * Update Chart's version to 10.4.0
 * Improve the description of deprecated `jvmOpts` and `jvmCeOpts` values
+* Run the initSysctl init-container as root to prevent "permission denied" issues
 
 ## [10.3.0]
 * Upgrade SonarQube to 10.3.0

diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml
@@ -36,6 +36,8 @@ annotations:
       description: "Update Chart's version to 10.4.0"
     - kind: fixed
       description: "Improve the description of deprecated 'jvmOpts' and 'jvmCeOpts' values"
+    - kind: changed
+      description: "Run the initSysctl init-container as root to prevent permission denied issues"
   artifacthub.io/containsSecurityUpdates: "false"
   artifacthub.io/images: |
     - name: sonarqube

diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml
@@ -243,6 +243,8 @@ initSysctl:
   securityContext:
     # Compatible with podSecurity standard privileged
     privileged: true
+    # if run without root permissions, error "sysctl: permission denied on key xxx, ignoring"
+    runAsUser: 0
   # resources: {}
 
 # This should not be required anymore, used to chown/chmod folder created by faulty CSI driver that are not applying properly POSIX fsgroup.