Openshift

[namloc2001]

Hi, I've been reworking this chart to function in an OpenShift cluster. The changes look to do a number of things:

• Auto-create SCC for SonarQube with privilege so that initsysctl runs
• postgres runs (by default) with arbitrary UID, under restricted SCC
• add postgres serviceAccount into SCC if UID is specified, instead of using arbitrary UID

I've got it working on my OpenShift cluster with:

helm install <release_name> . --set serviceAccount.create=true,\
                                              postgresql.serviceAccount.enabled=true,\
                                              OpenShift.enabled=true,\
                                              postgresql.securityContext.enabled=false,\
                                              postgresql.volumePermissions.enabled=true,\
                                              postgresql.volumePermissions.securityContext.runAsUser="auto"

It runs postgreSQL under the default restricted SCC and creates the stripped-down "privileged" SCC for SonarQube.

SCC creation is invoked by using a new key in values.yaml (OpenShift.enabled) which asserts whether OpenShift SCC resources need to be created.

I've also:

• exposed some additional postgreSQL keys in values.yaml
• added an initContainer to monitor postgreSQL is up before starting SonarQube.

Just wanted to see if there is any interest in this, and any validation you'd like to apply.

[rjkernick]

Looks great. Any chance you could add to the CHANGELOG.md?

[namloc2001]

@rjkernick I've updated the CHANGELOG and also added a brief explanation into the README.

[rjkernick]

Thanks for the PR