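Deploying the SonarQube Code Analysis Tool on Kubernetes
1. Introduction to SonarQube
SonarQube (sonar) is an open-source platform for managing source code quality. It is not just a tool for reporting quality data but a full code quality management platform. It supports code quality management and analysis for more than twenty programming languages, including Java, C#, C/C++, PL/SQL, Cobol, JavaScript, and Groovy. SonarQube can examine code quality along the following seven dimensions, and developers need to deal with at least the first five kinds of code quality issues.
2. Deploying SonarQube inside the K8s cluster
SonarQube uses LDAP for user login. With the official image, the default administrator username and password are both admin; change the password after logging in.
2.1 SonarQube's sonar.properties configuration file is mounted via a ConfigMap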
```yaml
# cat configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: sonarqube-test-configmap
  namespace: test
  labels:
    app: sonarqube-test
data:
  sonar.properties: |
    sonar.jdbc.username=postgres
    sonar.jdbc.password=password
    sonar.jdbc.url=jdbc:postgresql://127.0.0.1/sonarqube
    sonar.path.data=/opt/sonarqube/data
    sonar.path.temp=/opt/sonarqube/temp
    sonar.web.host=0.0.0.0
    sonar.web.port=9000
    sonar.web.context=/
    sonar.security.realm=LDAP
    ldap.url=ldap://192.168.7.77:389
    ldap.bindDn=cn=admin,dc=lzfn,dc=cn
    ldap.bindPassword=ldappasswd
    ldap.user.baseDn=ou=internal,ou=People,dc=lsfn,dc=cn
    ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
    ldap.user.realNameAttribute=cn
    ldap.user.emailAttribute=mail
```
2.2 Create the Service (svc) used for external access.
```yaml
# cat svc.yaml
apiVersion: v1
kind: Service
metadata:
  name: sonarqube-test-svc
  namespace: test
  labels:
    app: sonarqube-test
  annotations:
    service.kubernetes.io/qcloud-loadbalancer-internal-subnetid: subnet-aabccugv
spec:
  ports:
    - name: sonarqube
      port: 9000
      protocol: TCP
      targetPort: 9000
  selector:
    app: sonarqube-test
  sessionAffinity: None
  type: LoadBalancer
```
2.3 Deploy SonarQube and PostgreSQL in the same pod. Because persistent storage is required, a StatefulSet is used.
```yaml
# cat sonarqube-test-statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: sonarqube-test
  namespace: test
  labels:
    app: sonarqube-test
spec:
  serviceName: sonarqube-test-svc
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube-test
  template:
    metadata:
      labels:
        app: sonarqube-test
    spec:
      nodeSelector:
        public: enable
      containers:
        - name: postgres
          imagePullPolicy: IfNotPresent
          image: postgres:9.6.22
          resources:
            requests:
              cpu: 500m
              memory: 1024Mi
            limits:
              cpu: 2000m
              memory: 3093Mi
          ports:
            - name: postgres-port
              containerPort: 5432
          readinessProbe:
            tcpSocket:
              port: 5432
            initialDelaySeconds: 30
            periodSeconds: 5
          livenessProbe:
            tcpSocket:
              port: 5432
            initialDelaySeconds: 30
            failureThreshold: 30
            periodSeconds: 10
          volumeMounts:
            - name: postgres-data
              mountPath: "/var/lib/postgresql/data"
          env:
            - name: POSTGRES_PASSWORD
              value: "password"
            - name: POSTGRES_USER
              value: "postgres"
            - name: POSTGRES_DB
              value: "sonarqube"
            - name: PGDATA
              value: "/var/lib/postgresql/data/pgdata"
        - name: sonarqube
          imagePullPolicy: IfNotPresent
          image: sonarqube:lts-community
          resources:
            requests:
              cpu: 500m
              memory: 1024Mi
            limits:
              cpu: 2000m
              memory: 4006Mi
          volumeMounts:
            - name: sonarqube-data
              mountPath: "/opt/sonarqube/data"
            - name: sonarqube-plush-data
              mountPath: "/opt/sonarqube/extensions/plugins"
            - name: sonarqube-test-configmap
              mountPath: "/opt/sonarqube/conf/sonar.properties"
              subPath: "sonar.properties"
          ports:
            - name: sonarqube-port
              containerPort: 9000
          readinessProbe:
            tcpSocket:
              port: 9000
            initialDelaySeconds: 30
            periodSeconds: 5
          livenessProbe:
            tcpSocket:
              port: 9000
            initialDelaySeconds: 30
            failureThreshold: 30
            periodSeconds: 10
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
      volumes:
        - name: sonarqube-test-configmap
          configMap:
            name: sonarqube-test-configmap
  volumeClaimTemplates:
    - metadata:
        name: sonarqube-data
      spec:
        storageClassName: cbs
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 50Gi
    - metadata:
        name: postgres-data
      spec:
        storageClassName: cbs
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 50Gi
    - metadata:
        name: sonarqube-plush-data
      spec:
        storageClassName: cbs
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 10Gi
```
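Sections 2.1 and 2.3 keep the database and LDAP bind passwords in plaintext, in the ConfigMap and in the pod's env values, so anyone who can read those objects can read the credentials. The following added example (not part of the original article) moves them into a Secret. The Secret name sonarqube-test-secret and its key names are assumptions, and it relies on the SonarQube image mapping properties to environment variables (sonar.jdbc.password to SONAR_JDBC_PASSWORD, ldap.bindPassword to LDAP_BINDPASSWORD), which should be confirmed for the image version in use.

```yaml
# Added example: Secret name and key names are assumptions, values are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: sonarqube-test-secret
  namespace: test
  labels:
    app: sonarqube-test
type: Opaque
stringData:
  postgres-password: "<database-password>"
  ldap-bind-password: "<ldap-bind-password>"
---
# Fragment of the StatefulSet from section 2.3 (spec.template.spec.containers).
# Only the changed env entries are shown; everything else stays as in the article.
containers:
  - name: postgres
    env:
      # before: value: "password"
      - name: POSTGRES_PASSWORD
        valueFrom:
          secretKeyRef:
            name: sonarqube-test-secret
            key: postgres-password
  - name: sonarqube
    env:
      # takes the place of sonar.jdbc.password=... in sonar.properties
      - name: SONAR_JDBC_PASSWORD
        valueFrom:
          secretKeyRef:
            name: sonarqube-test-secret
            key: postgres-password
      # takes the place of ldap.bindPassword=... in sonar.properties
      - name: LDAP_BINDPASSWORD
        valueFrom:
          secretKeyRef:
            name: sonarqube-test-secret
            key: ldap-bind-password
```

With these entries in place, remove the sonar.jdbc.password and ldap.bindPassword lines from the ConfigMap in section 2.1 so the passwords exist only in the Secret.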
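3. Installing the Chinese localization and integrating Alibaba's P3C rules
3.1 Download the plugins: first enter the sonarqube pod, then download the Chinese localization plugin and the P3C plugin, fix the file ownership, and finally restart the pod before continuing with the configuration.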
```bash
# kubectl exec -it sonarqube-test-0 -n test -c sonarqube -- bash
# cd /opt/sonarqube/extensions/plugins/
# wget https://github.com/xuhuisheng/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-8.9/sonar-l10n-zh-plugin-8.9.jar
# wget https://github.com/jensgerdes/sonar-pmd/releases/download/3.3.1/sonar-pmd-plugin-3.3.1.jar
# chown sonarqube:sonarqube sonar-*
```
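3.2 Log in to SonarQube --> Quality Profiles --> Create (top right)
3.3 Enter the name sonar-pmd-p3c, select Java as the language, and click Create
3.4 On first creation you are redirected to the rule configuration page. The newly created profile has no rules activated, so they must be activated manually
3.5 Activate sonar-pmd-p3c
3.6 Set sonar-pmd-p3c as the default profile
3.7 Once Jenkins is configured, every build will automatically run code analysis.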