diff --git a/charts/sonarqube-dce/CHANGELOG.md b/charts/sonarqube-dce/CHANGELOG.md index 1fbdb5af0..4662a692d 100644 --- a/charts/sonarqube-dce/CHANGELOG.md +++ b/charts/sonarqube-dce/CHANGELOG.md @@ -4,6 +4,7 @@ All changes to this chart will be documented in this file. ## [10.4.0] * Update Chart's version to 10.4.0 * Improve the description of deprecated `ApplicationNodes.jvmOpts` and `ApplicationNodes.jvmCeOpts` values +* Run the initSysctl init-container as root to prevent "permission denied" issues ## [10.3.0] * Upgrade SonarQube to 10.3.0 @@ -239,7 +240,7 @@ All changes to this chart will be documented in this file. * added link to community support forum ## [0.1.6] -* fixed wrong scc user reference if name was explicitly set +* fixed wrong scc user reference if name was explicitly set ## [0.1.5] * fixed serviceaccount logic diff --git a/charts/sonarqube-dce/Chart.yaml b/charts/sonarqube-dce/Chart.yaml index c5506edd5..24a6e458b 100644 --- a/charts/sonarqube-dce/Chart.yaml +++ b/charts/sonarqube-dce/Chart.yaml @@ -31,6 +31,8 @@ annotations: description: "Update Chart's version to 10.4.0" - kind: fixed description: "Improve the description of deprecated 'ApplicationNodes.jvmOpts' and 'ApplicationNodes.jvmCeOpts' values" + - kind: changed + description: "Run the initSysctl init-container as root to prevent permission denied issues" artifacthub.io/links: | - name: support url: https://community.sonarsource.com/ diff --git a/charts/sonarqube-dce/values.yaml b/charts/sonarqube-dce/values.yaml index 8e7c87718..3467c97c2 100644 --- a/charts/sonarqube-dce/values.yaml +++ b/charts/sonarqube-dce/values.yaml @@ -461,6 +461,8 @@ initSysctl: securityContext: # Compatible with podSecurity standard privileged privileged: true + # if run without root permissions, error "sysctl: permission denied on key xxx, ignoring" + runAsUser: 0 # resources: {} initFs: diff --git a/charts/sonarqube/CHANGELOG.md b/charts/sonarqube/CHANGELOG.md index 206b4f241..be39429ce 100644 --- a/charts/sonarqube/CHANGELOG.md +++ b/charts/sonarqube/CHANGELOG.md @@ -4,6 +4,7 @@ All changes to this chart will be documented in this file. ## [10.4.0] * Update Chart's version to 10.4.0 * Improve the description of deprecated `jvmOpts` and `jvmCeOpts` values +* Run the initSysctl init-container as root to prevent "permission denied" issues ## [10.3.0] * Upgrade SonarQube to 10.3.0 diff --git a/charts/sonarqube/Chart.yaml b/charts/sonarqube/Chart.yaml index e2b268151..1241992d2 100644 --- a/charts/sonarqube/Chart.yaml +++ b/charts/sonarqube/Chart.yaml @@ -36,6 +36,8 @@ annotations: description: "Update Chart's version to 10.4.0" - kind: fixed description: "Improve the description of deprecated 'jvmOpts' and 'jvmCeOpts' values" + - kind: changed + description: "Run the initSysctl init-container as root to prevent permission denied issues" artifacthub.io/containsSecurityUpdates: "false" artifacthub.io/images: | - name: sonarqube diff --git a/charts/sonarqube/values.yaml b/charts/sonarqube/values.yaml index ea042541d..2420d51c9 100644 --- a/charts/sonarqube/values.yaml +++ b/charts/sonarqube/values.yaml @@ -243,6 +243,8 @@ initSysctl: securityContext: # Compatible with podSecurity standard privileged privileged: true + # if run without root permissions, error "sysctl: permission denied on key xxx, ignoring" + runAsUser: 0 # resources: {} # This should not be required anymore, used to chown/chmod folder created by faulty CSI driver that are not applying properly POSIX fsgroup.