目录
SonarQube 是一款用于代码质量管理的开源工具,它主要用于管理源代码的质量。 通过插件形式,可以支持众多计算机语言,比如 java, C#, go,C/C++, PL/SQL, Cobol, JavaScrip, Groovy 等。sonar可以通过PMD,CheckStyle,Findbugs等等代码规则检测工具来检测你的代码,帮助你发现代码的漏洞,Bug,异味等信息。
Sonar 不仅提供了对 IDE 的支持,可以在 Eclipse和 IntelliJ IDEA 这些工具里联机查看结果;同时 Sonar 还对大量的持续集成工具提供了接口支持,可以很方便地在持续集成中使用 Sonar。
1、环境介绍
1.1、kubernetes集群环境
[root@k8s-master-01 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-13T11:23:11Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"16", GitVersion:"v1.16.3", GitCommit:"b3cbbae08ec52a7fc73d334838e18d17e8512749", GitTreeState:"clean", BuildDate:"2019-11-13T11:13:49Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
[root@k8s-master-01 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master-01 Ready master 5d5h v1.16.3
k8s-master-02 Ready master 5d4h v1.16.3
k8s-master-03 Ready master 5d4h v1.16.3
k8s-node-01 Ready <none> 5d4h v1.16.3
k8s-node-02 Ready <none> 5d4h v1.16.3
k8s-node-03 Ready <none> 5d4h v1.16.31.2、存储环境
本集群中kubernetes底层存储使用的是glusterfs,并且以glusterfs作为存储创建了storageclass便于动态创建pv
[root@k8s-master-01 ~]# kubectl get sc
NAME PROVISIONER AGE
gluster-heketi kubernetes.io/glusterfs 4d22h1.3、sonarqube版本
soanrqube版本:7.9.1.27448
2、部署sonarqube
SonarQube需要依赖数据库存储数据,且SonarQube7.9及其以后版本将不再支持Mysql,所以这里推荐设置PostgreSQL作为SonarQube的数据库。
2.1、部署PostgreSQL
在k8s集群部署PostgreSQL,需要将数据库的数据文件持久化,因此需要创建对应的pv,本次安装通过storageclass创建pv。由于postgre只需要集群内部连接,因此采用Headless service来创建数据库对应的svc,数据库的端口是5432,最终的yaml如下
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-sonar
labels:
app: postgres-sonar
spec:
replicas: 1
selector:
matchLabels:
app: postgres-sonar
template:
metadata:
labels:
app: postgres-sonar
spec:
containers:
- name: postgres-sonar
image: postgres:11.4
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: "sonarDB"
- name: POSTGRES_USER
value: "sonarUser"
- name: POSTGRES_PASSWORD
value: "123456"
resources:
limits:
cpu: 1000m
memory: 2048Mi
requests:
cpu: 500m
memory: 1024Mi
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumes:
- name: data
persistentVolumeClaim:
claimName: postgres-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-data
spec:
accessModes:
- ReadWriteMany
storageClassName: "gluster-heketi"
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: postgres-sonar
labels:
app: postgres-sonar
spec:
clusterIP: None
ports:
- port: 5432
protocol: TCP
targetPort: 5432
selector:
app: postgres-sonar执行kubectl apply创建资源,并检查对应的pv,pvc以及日志
[root@k8s-master-01 ~]# kubectl get pv,pvc
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
persistentvolume/pvc-f0157e05-427b-45af-8c09-9803b11f7036 1Gi RWX Retain Bound default/postgres-data gluster-heketi 133m
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
persistentvolumeclaim/postgres-data Bound pvc-f0157e05-427b-45af-8c09-9803b11f7036 1Gi RWX gluster-heketi 133m
[root@k8s-master-01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
[root@k8s-master-01 ~]# kubectl get pods|grep postgres
postgres-sonar-75d7f8d99-sxdnn 1/1 Running 0 136m2.2、部署SonarQube
先看看yaml,后面附上说明:
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube
labels:
app: sonarqube
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
template:
metadata:
labels:
app: sonarqube
spec:
initContainers:
- name: init-sysctl
image: busybox
imagePullPolicy: IfNotPresent
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
containers:
- name: sonarqube
image: sonarqube:lts
ports:
- containerPort: 9000
env:
- name: SONARQUBE_JDBC_USERNAME
value: "sonarUser"
- name: SONARQUBE_JDBC_PASSWORD
value: "123456"
- name: SONARQUBE_JDBC_URL
value: "jdbc:postgresql://postgres-sonar:5432/sonarDB"
livenessProbe:
httpGet:
path: /sessions/new
port: 9000
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /sessions/new
port: 9000
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 6
resources:
limits:
cpu: 2000m
memory: 2048Mi
requests:
cpu: 1000m
memory: 1024Mi
volumeMounts:
- mountPath: /opt/sonarqube/conf
name: data
subPath: conf
- mountPath: /opt/sonarqube/data
name: data
subPath: data
- mountPath: /opt/sonarqube/extensions
name: data
subPath: extensions
volumes:
- name: data
persistentVolumeClaim:
claimName: sonarqube-data
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: sonarqube-data
spec:
accessModes:
- ReadWriteMany
storageClassName: "gluster-heketi"
resources:
requests:
storage: 10Gi
---
apiVersion: v1
kind: Service
metadata:
name: sonarqube
labels:
app: sonarqube
spec:
type: NodePort
ports:
- name: sonarqube
port: 9000
targetPort: 9000
nodePort: 30003
protocol: TCP
selector:
app: sonarqube- 通过官方的
sonar镜像部署,通过环境变量指定连接数据库的地址信息,同样通过storageclass来提供存储卷,通过NodePort方式暴露服务。 - 与常规部署不同的是,这里对
sonar通过init container进行了初始化,执行修改了容器的vm.max_map_count大小。修改这里的原因可以参考官方文档
修改此权限需要授权能执行系统命令
securityContext:
privileged: true2.3、访问检查
上述部署完成后,检查控制器创建的pod是否正常,并通过nodeport方式访问即可,默认登录的用户名和密码是admin/admin
中文插件名称:Chinese Pack,安装过程在界面操作,这里省略
