Deploying the SonarQube Code Analysis Tool on Kubernetes

1. Introduction to SonarQube

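SonarQube (sonar) is an open-source platform for managing source code quality. It is not just a quality reporting tool but a code quality management platform. It supports code quality management and analysis for more than twenty programming languages, including Java, C#, C/C++, PL/SQL, Cobol, JavaScript and Groovy. SonarQube can assess code quality along the following seven dimensions, and developers need to deal with at least the first five kinds of code quality issues.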

2. Deploying SonarQube inside a K8s cluster

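SonarQube uses LDAP for user login. With the official image, the default administrator account and password are both admin; change the password after logging in.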

2.1 SonarQube's sonar.properties configuration file is mounted by way of a ConfigMap

# cat configmap.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: sonarqube-test-configmap
  namespace: test
  labels:
    app: sonarqube-test
data:
  sonar.properties: |
    sonar.jdbc.username=postgres
    sonar.jdbc.password=password
    sonar.jdbc.url=jdbc:postgresql://127.0.0.1/sonarqube
    sonar.path.data=/opt/sonarqube/data
    sonar.path.temp=/opt/sonarqube/temp
    sonar.web.host=0.0.0.0
    sonar.web.port=9000
    sonar.web.context=/
    sonar.security.realm=LDAP
    ldap.url=ldap://192.168.7.77:389
    ldap.bindDn=cn=admin,dc=lzfn,dc=cn
    ldap.bindPassword=ldappasswd
    ldap.user.baseDn=ou=internal,ou=People,dc=lsfn,dc=cn
    ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
    ldap.user.realNameAttribute=cn
    ldap.user.emailAttribute=mail

2.2 Create the Service (svc) used for external access.

# cat svc.yaml 
apiVersion: v1
kind: Service
metadata:
  name: sonarqube-test-svc
  namespace: test
  labels:
    app: sonarqube-test
  annotations:
    service.kubernetes.io/qcloud-loadbalancer-internal-subnetid: subnet-aabccugv
spec:
  ports:
  - name: sonarqube
    port: 9000
    protocol: TCP
    targetPort: 9000
  selector:
    app: sonarqube-test
  sessionAffinity: None
  type: LoadBalancer

2.3 Deploy SonarQube and PostgreSQL in the same pod; because persistent storage is required, use a StatefulSet

# cat sonarqube-test-statefulset.yaml 
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: sonarqube-test
  namespace: test
  labels:
    app: sonarqube-test
spec:
  serviceName: sonarqube-test-svc
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube-test
  template:
    metadata:
      labels:
        app: sonarqube-test
    spec:
      nodeSelector:
        public: enable
      containers:
      - name: postgres
        imagePullPolicy: IfNotPresent
        image: postgres:9.6.22
        resources:
          requests:
            cpu: 500m
            memory: 1024Mi
          limits:
            cpu: 2000m
            memory: 3093Mi 
        ports:
        - name: postgres-port
          containerPort: 5432
        readinessProbe:
          tcpSocket:
            port: 5432
          initialDelaySeconds: 30
          periodSeconds: 5
        livenessProbe:
          tcpSocket:
            port: 5432
          initialDelaySeconds: 30
          failureThreshold: 30
          periodSeconds: 10
        volumeMounts:
        - name: postgres-data
          mountPath: "/var/lib/postgresql/data"
        env:
        - name: POSTGRES_PASSWORD
          value: "password"
        - name: POSTGRES_USER
          value: "postgres"
        - name: POSTGRES_DB
          value: "sonarqube"
        - name: PGDATA
          value: "/var/lib/postgresql/data/pgdata"

      - name: sonarqube
        imagePullPolicy: IfNotPresent
        image: sonarqube:lts-community
        resources:
          requests:
            cpu: 500m
            memory: 1024Mi
          limits:
            cpu: 2000m
            memory: 4006Mi
        volumeMounts:
        - name: sonarqube-data
          mountPath: "/opt/sonarqube/data"
        - name: sonarqube-plush-data
          mountPath: "/opt/sonarqube/extensions/plugins"
        - name: sonarqube-test-configmap
          mountPath: "/opt/sonarqube/conf/sonar.properties"
          subPath: "sonar.properties"
        ports:
        - name: sonarqube-port
          containerPort: 9000
        readinessProbe:
          tcpSocket:
            port: 9000
          initialDelaySeconds: 30
          periodSeconds: 5
        livenessProbe:
          tcpSocket:
            port: 9000
          initialDelaySeconds: 30
          failureThreshold: 30
          periodSeconds: 10
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
      volumes:
      - name: sonarqube-test-configmap
        configMap:
          name: sonarqube-test-configmap


  volumeClaimTemplates:
  - metadata:
      name: sonarqube-data
    spec:
      storageClassName: cbs
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 50Gi

  - metadata:
      name: postgres-data
    spec:
      storageClassName: cbs
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 50Gi

  - metadata:
      name: sonarqube-plush-data
    spec:
      storageClassName: cbs
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 10Gi
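A check for the credentials written as literals in the ConfigMap of 2.1 (`sonar.jdbc.password`, `ldap.bindPassword`) and in the StatefulSet of 2.3 (`POSTGRES_PASSWORD`), which anyone able to read those objects in the `test` namespace can see. This is an added example, not part of the original post; the sample input is constructed, and the Secret name `sonarqube-test-secret` and its key are hypothetical.

```shell
#!/bin/sh
# Added example: flag credentials written as literals in Kubernetes manifests.

# scan_manifest FILE: prints "line N: reason" per finding; returns 1 if any.
scan_manifest() {
    awk '
        # sonar.properties lines inside a ConfigMap, e.g. ldap.bindPassword=...
        /^[ \t]*[A-Za-z0-9_.-]*[Pp]assword[A-Za-z0-9_.-]*=./ {
            key = $0; sub(/=.*/, "", key); sub(/^[ \t]+/, "", key)
            printf "line %d: %s has a literal value; move it to a Secret\n", NR, key
            found = 1; next
        }
        # Remember the most recent list-item name (env vars, ports, volumes).
        /^[ \t]*-[ \t]*name:[ \t]*/ { name = $0; sub(/^.*name:[ \t]*/, "", name); next }
        # A literal "value:" under a secret-looking env name; valueFrom is fine.
        /^[ \t]*value:/ && toupper(name) ~ /PASSWORD|SECRET|TOKEN/ {
            printf "line %d: env %s uses value:; use valueFrom.secretKeyRef\n", NR, name
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the credential-bearing lines of the manifests above,
# plus one env var already sourced from a Secret (hypothetical Secret name).
sample_manifest() {
    cat <<'EOF'
data:
  sonar.properties: |
    sonar.jdbc.username=postgres
    sonar.jdbc.password=password
    ldap.bindPassword=ldappasswd
env:
- name: POSTGRES_PASSWORD
  value: "password"
- name: POSTGRES_USER
  value: "postgres"
- name: SONAR_JDBC_PASSWORD
  valueFrom:
    secretKeyRef:
      name: sonarqube-test-secret
      key: jdbc-password
EOF
}
```

Run `scan_manifest` over each manifest before `kubectl apply`. The official SonarQube image also accepts the JDBC password through the `SONAR_JDBC_PASSWORD` environment variable, which can be populated from a Secret instead of sonar.properties.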

3. Installing the Chinese language pack and integrating Alibaba's P3C guidelines

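3.1 Download the plugins: first enter the sonarqube pod, then download the Chinese localization plugin and the P3C plugin, fix the file ownership, and finally restart the pod before continuing with the configuration.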

# kubectl exec -it sonarqube-test-0 -n test -c sonarqube -- bash

# cd /opt/sonarqube/extensions/plugins/
# wget https://github.com/xuhuisheng/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-8.9/sonar-l10n-zh-plugin-8.9.jar
# wget https://github.com/jensgerdes/sonar-pmd/releases/download/3.3.1/sonar-pmd-plugin-3.3.1.jar
# chown sonarqube:sonarqube sonar-*
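The downloads in 3.1 land in the persistent plugins volume and are loaded by SonarQube on restart, so pinning each jar to a known SHA-256 keeps an altered release asset from being installed. This is an added example, not from the original post; the function names are hypothetical, and the digest in the usage comment is a placeholder to be replaced with a value recorded from a trusted copy of the release.

```shell
#!/bin/sh
# Added example: install a plugin jar only if it matches a pinned SHA-256.

# verify_and_install FILE EXPECTED_SHA256 DEST_DIR
# Moves FILE into DEST_DIR when the digest matches; deletes FILE otherwise.
verify_and_install() {
    vi_file=$1; vi_want=$2; vi_dest=$3
    [ -f "$vi_file" ] || { echo "missing file: $vi_file" >&2; return 2; }
    # A digest must be exactly 64 hex characters; placeholders are rejected.
    case $vi_want in
        ''|*[!0-9a-fA-F]*) vi_want='' ;;
    esac
    if [ "${#vi_want}" -ne 64 ]; then
        echo "bad SHA-256 for $vi_file" >&2; rm -f "$vi_file"; return 2
    fi
    vi_want=$(printf '%s' "$vi_want" | tr 'A-F' 'a-f')
    vi_got=$(sha256sum "$vi_file" | cut -d' ' -f1)
    if [ "$vi_got" != "$vi_want" ]; then
        echo "checksum mismatch for $vi_file: got $vi_got" >&2
        rm -f "$vi_file"; return 1
    fi
    mv "$vi_file" "$vi_dest/"
}

# fetch_plugin URL EXPECTED_SHA256 DEST_DIR
# Downloads into a temporary directory so an unverified jar never sits in
# the directory SonarQube loads plugins from.
fetch_plugin() {
    fp_tmp=$(mktemp -d) || return 2
    fp_file=$fp_tmp/$(basename "$1")
    fp_rc=0
    if wget -q -O "$fp_file" "$1"; then
        verify_and_install "$fp_file" "$2" "$3" || fp_rc=$?
    else
        fp_rc=2
    fi
    rm -rf "$fp_tmp"
    return "$fp_rc"
}

# Usage inside the sonarqube container (the digest is a placeholder):
# fetch_plugin \
#   https://github.com/xuhuisheng/sonar-l10n-zh/releases/download/sonar-l10n-zh-plugin-8.9/sonar-l10n-zh-plugin-8.9.jar \
#   '<sha256 of sonar-l10n-zh-plugin-8.9.jar>' /opt/sonarqube/extensions/plugins
```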

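3.2 Log in to SonarQube --> Quality Profiles --> Create (top right)

3.3 Enter the name sonar-pmd-p3c, select Java as the language, and click Create

3.4 After the first creation you are redirected to the rules configuration page. A newly created profile has no rules activated, so they must be activated manually

3.5 Activate sonar-pmd-p3c

3.6 Set sonar-pmd-p3c as the default profile

3.7 Once Jenkins is configured, the code is checked automatically on every build.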

posted @ 2021-06-30 14:42  林中龙虾