sonarqube代码质量检测k8s环境部署

1. postgres

1.1 postgres-pvc.yaml

cat postgres-pvc.yaml 
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: jenkins
  name: postgres-data
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "managed-nfs-storage"
  resources:
    requests:
      storage: 5Gi

1.2 sonar-pgsql.yaml

cat sonar-pgsql.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: jenkins
  name: postgres-sonar
  labels:
    app: postgres-sonar
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres-sonar
  template:
    metadata:
      labels:
        app: postgres-sonar
    spec:
      containers:
      - name: postgres-sonar
        image: 192.168.64.33:5000/jenkins/postgres:14.2
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 5432
        env:
        - name: POSTGRES_DB
          value: "sonarDB"
        - name: POSTGRES_USER
          value: "sonar"
        - name: POSTGRES_PASSWORD 
          value: "sonar"
        resources:
          limits:
            cpu: 1000m
            memory: 2048Mi
          requests:
            cpu: 500m
            memory: 1024Mi
        volumeMounts:
          - name: data
            mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: postgres-data

---
apiVersion: v1
kind: Service
metadata:
  namespace: jenkins
  name: postgres-sonar
  labels:
    app: postgres-sonar
spec:
  clusterIP: None
  ports:
  - port: 5432
    protocol: TCP
    targetPort: 5432
  selector:
    app: postgres-sonar

2. sonar

2.1 sonar-pvc.yaml

cat sonar-pvc.yaml 
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: jenkins
  name: sonarqube-data
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "managed-nfs-storage"
  resources:
    requests:
      storage: 10Gi

2.2 sonar-deploy.yaml

cat sonar-deploy.yaml 
apiVersion: v1
kind: ConfigMap
metadata:
  name: sonar-config
  namespace: jenkins
  labels:
    app: sonar
data:
  sonar.properties: |
    sonar.jdbc.url=jdbc:postgresql://postgres-sonar:5432/sonarDB
    sonar.jdbc.username=sonar
    sonar.jdbc.password=sonar
---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: jenkins
  name: sonarqube
  labels:
    app: sonarqube
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube
  template:
    metadata:
      labels:
        app: sonarqube
    spec:
      initContainers:
      - name: init-sysctl
        image: 192.168.129.33:5000/k8s/busybox
        imagePullPolicy: IfNotPresent
        command: ["sysctl", "-w", "vm.max_map_count=262144"]
        securityContext:
          privileged: true
      containers:
      - name: sonarqube
        image: 192.168.64.33:5000/jenkins/sonarqube:lts-community
        ports:
        - containerPort: 9000
        #env:
        #- name: SONARQUBE_JDBC_USERNAME
        #  value: "sonar"
        #- name: SONARQUBE_JDBC_PASSWORD
        #  value: "sonar"
        #- name: SONARQUBE_JDBC_URL
        #  value: "jdbc:postgresql://postgres-sonar:5432/sonarDB"
        #envFrom:
        #- configMapRef:
        #    name: sonar-config
        livenessProbe:
          httpGet:
            path: /sessions/new
            port: 9000
          initialDelaySeconds: 60
          periodSeconds: 30
        readinessProbe:
          httpGet:
            path: /sessions/new
            port: 9000
          initialDelaySeconds: 60
          periodSeconds: 30
          failureThreshold: 6
        resources:
          limits:
            cpu: 2000m
            memory: 2048Mi
          requests:
            cpu: 1000m
            memory: 1024Mi
        volumeMounts:
        - mountPath: /opt/sonarqube/conf
          name: config-volume
        - mountPath: /opt/sonarqube/data
          name: data
          subPath: data
        - mountPath: /opt/sonarqube/extensions
          name: data
          subPath: extensions
      volumes:
      - name: config-volume
        configMap:
          name: sonar-config
      - name: data
        persistentVolumeClaim:
          claimName: sonarqube-data  

---
apiVersion: v1
kind: Service
metadata:
  namespace: jenkins
  name: sonarqube
  labels:
    app: sonarqube
spec:
  type: NodePort
  ports:
    - name: sonarqube
      port: 9000
      targetPort: 9000
      nodePort: 32107
      protocol: TCP
  selector:
    app: sonarqube

3. 使用

Sonar Qube基本使用 
Sonar Qube的使用方式很多，Maven可以整合，也可以采用sonar-scanner的方式，再查看Sonar Qube的检测效果

3.1 Maven实现代码检测

# 修改Maven的settings.xml文件配置Sonar Qube信息
<profile>
 <id>sonar</id>
 <activation>
   <activeByDefault>true</activeByDefault>
 </activation>
 <properties>
   <sonar.login>admin</sonar.login>
   <sonar.password>123456789</sonar.password>
   <sonar.host.url>http://192.168.64.11:9000</sonar.host.url>
 </properties>
</profile>

<activeProfiles>
  <activeProfile>sonar</activeProfile>
</activeProfiles>

# 在代码位置执行命令：mvn sonar:sonar

3.2 Sonar-scanner实现代码检测

# 下载Sonar-scanner：https://binaries.sonarsource.com/?prefix=Distribution/sonar-scanner-cli/
# 下载4.6.x版本即可，要求Linux版本
https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip

#解压压缩包
unzip sonar-scanner-cli-5.0.1.3006-linux.zip
配置sonarQube服务端地址，修改conf下的sonar-scanner.properties
cat conf/sonar-scanner.properties 
#----- Default SonarQube server
sonar.host.url=http://192.168.64.11:9000

#----- Default source code encoding
sonar.sourceEncoding=UTF-8

# 执行命令检测代码
# 在项目所在目录执行以下命令
~/sonar-scanner/bin/sonar-scanner -Dsonar.sources=./ -Dsonar.projectname=demo -Dsonar.projectKey=java -Dsonar.java.binaries=target/

# jenkins 质量检测 需要安装插件（SonarQube Scanner） (-Dsonar.login在sonar页面-->A-->Security-->Tokens-->输入名称生成)
sh '/usr/local/sonar-scanner/bin/sonar-scanner -Dsonar.source=./ -Dsonar.projectname=${project_name} -Dsonar.projectKey=${project_name} -Dsonar.java.binaries=./target/ -Dsonar.login=sqa_84895325ade0ae399b8295bb304f6ba4255357ce'