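DevOps(5)--SonarQube Installation and Configuration
SonarQube Installation and Configuration
SonarQube is an open-source tool for code quality management, used mainly to manage the quality of source code. Through plugins it supports many programming languages, such as Java, C#, Go, C/C++, PL/SQL, Cobol, JavaScript and Groovy. Sonar can use code-rule checkers such as PMD, CheckStyle and Findbugs to inspect your code and help you find vulnerabilities, bugs and similar problems.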
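1. Workflow
Developers write code
Run a local code check with sonar
Push the code to the code repository
Submit it to the CI/CD pipeline
The pipeline integrates sonar to check the code
Notify the developer if there are problems and generate a scan report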
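2. Installation
Website: https://www.sonarsource.com/
A SonarQube instance consists of three components: sonarqube-scanner, sonarqube server and Database server
The sonarqube server mainly runs 3 applications:
Web service: serves the SonarQube user interface.
Search service: based on Elasticsearch.
Compute engine: processes code analysis reports and saves them in the SonarQube database
There are four editions: Community (free), Developer, Enterprise and Data Center
2.1 Required environment
Installing SonarQube requires more than 2 GB of memory, JDK 11 or 17, and PostgreSQL.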
2.2 Deploying on k8s
We already have a k8s environment, so we deploy the application with k8s
2.2.1 storageclass
storageclass.yaml:
apiVersion: storage.k8s.io/v1  ## Creates a storage class
kind: StorageClass
metadata:
  name: sonar-storage
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
  namespace: sonar
provisioner: sonar-data  # Must match the PROVISIONER_NAME env value (spec.template.spec.containers.env) in the Deployment
parameters:
  archiveOnDelete: "true"  ## Whether the PV's contents are backed up when the PV is deleted
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonar-nfs-client-provisioner
  labels:
    app: sonar-nfs-client-provisioner
  namespace: sonar
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: sonar-nfs-client-provisioner
  template:
    metadata:
      labels:
        app: sonar-nfs-client-provisioner
    spec:
      serviceAccountName: sonar-nfs-client-provisioner
      containers:
        - name: sonar-nfs-client-provisioner
          image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/nfs-subdir-external-provisioner:v4.0.2
          volumeMounts:
            - name: nfs-client-root
              mountPath: /persistentvolumes
          env:
            - name: PROVISIONER_NAME
              value: sonar-data
            - name: NFS_SERVER
              value: 192.168.200.101  ## Set this to your own NFS server address
            - name: NFS_PATH
              value: /data/sonar  ## Directory shared by the NFS server
      volumes:
        - name: nfs-client-root
          nfs:
            server: 192.168.200.101
            path: /data/sonar
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sonar-nfs-client-provisioner
  namespace: sonar
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: sonar-nfs-client-provisioner-runner
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["persistentvolumes"]
    verbs: ["get", "list", "watch", "create", "delete"]
  - apiGroups: [""]
    resources: ["persistentvolumeclaims"]
    verbs: ["get", "list", "watch", "update"]
  - apiGroups: ["storage.k8s.io"]
    resources: ["storageclasses"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["events"]
    verbs: ["create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: sonar-run-nfs-client-provisioner
subjects:
  - kind: ServiceAccount
    name: sonar-nfs-client-provisioner
    namespace: sonar
roleRef:
  kind: ClusterRole
  name: sonar-nfs-client-provisioner-runner
  apiGroup: rbac.authorization.k8s.io
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: sonar-leader-locking-nfs-client-provisioner
  namespace: sonar
rules:
  - apiGroups: [""]
    resources: ["endpoints"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: sonar-leader-locking-nfs-client-provisioner
  namespace: sonar
subjects:
  - kind: ServiceAccount
    name: sonar-nfs-client-provisioner
    namespace: sonar
roleRef:
  kind: Role
  name: sonar-leader-locking-nfs-client-provisioner
  apiGroup: rbac.authorization.k8s.io
2.2.2 PostgreSQL
pgsql.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-data
  namespace: sonar
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "sonar-storage"
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-sonar
  namespace: sonar
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres-sonar
  template:
    metadata:
      labels:
        app: postgres-sonar
    spec:
      containers:
        - name: postgres-sonar
          image: postgres:14
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: "sonarDB"
            - name: POSTGRES_USER
              value: "sonarUser"
            - name: POSTGRES_PASSWORD
              value: "123456"
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: postgres-data
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  namespace: sonar
  labels:
    app: postgres-sonar
spec:
  ports:
    - name: postgres
      port: 5432
      targetPort: 5432
      protocol: TCP
  selector:
    app: postgres-sonar
2.2.3 SonarQube
sonar.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonarqube-data
  namespace: sonar
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "sonar-storage"
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarqube
  namespace: sonar
  labels:
    app: sonarqube
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube
  template:
    metadata:
      labels:
        app: sonarqube
    spec:
      initContainers:
        - name: init-sysctl
          image: busybox:latest
          command: ["sysctl", "-w", "vm.max_map_count=262144"]
          securityContext:
            privileged: true
      containers:
        - name: sonarqube
          image: sonarqube:lts
          ports:
            - containerPort: 9000
          env:
            - name: SONAR_JDBC_USERNAME
              value: "sonarUser"
            - name: SONAR_JDBC_PASSWORD
              value: "123456"
            - name: SONAR_JDBC_URL
              value: "jdbc:postgresql://postgres:5432/sonarDB"
          livenessProbe:
            httpGet:
              path: /sessions/new
              port: 9000
            initialDelaySeconds: 60
            periodSeconds: 30
          readinessProbe:
            httpGet:
              path: /sessions/new
              port: 9000
            initialDelaySeconds: 60
            periodSeconds: 30
            failureThreshold: 6
          volumeMounts:
            - mountPath: /opt/sonarqube/conf
              name: data
            - mountPath: /opt/sonarqube/data
              name: data
            - mountPath: /opt/sonarqube/extensions
              name: data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: sonarqube-data
---
apiVersion: v1
kind: Service
metadata:
  name: sonarqube
  namespace: sonar
  labels:
    app: sonarqube
spec:
  type: NodePort
  ports:
    - name: sonarqube
      port: 9000
      targetPort: 9000
      nodePort: 31124
      protocol: TCP
  selector:
    app: sonarqube
The default login is admin/admin; on first login you are prompted to change the password
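Both pgsql.yaml and sonar.yaml above pass the database password as a literal `value`, so it is visible to anyone who can read the manifest files or the Deployment specs. The following is an added example, not part of the original post, showing the same settings read from a Secret through `secretKeyRef`; the Secret name `sonar-db-credentials` and its key names are assumptions.

```yaml
# Added example. The Secret name "sonar-db-credentials" and its keys
# ("username", "password") are hypothetical; all other names come from
# the manifests above.
# Option A: create the Secret out of band, so no password lands in a file:
#   kubectl -n sonar create secret generic sonar-db-credentials \
#     --from-literal=username=sonarUser \
#     --from-literal=password='<generated-password>'
#
# Option B: declarative form (keep this file out of version control).
apiVersion: v1
kind: Secret
metadata:
  name: sonar-db-credentials
  namespace: sonar
type: Opaque
stringData:
  username: sonarUser
  password: "<generated-password>"   # placeholder, replace before applying
---
# Fragment for pgsql.yaml: replaces the POSTGRES_USER and POSTGRES_PASSWORD
# entries under the postgres-sonar container's env list.
- name: POSTGRES_USER
  valueFrom:
    secretKeyRef:
      name: sonar-db-credentials
      key: username
- name: POSTGRES_PASSWORD
  valueFrom:
    secretKeyRef:
      name: sonar-db-credentials
      key: password
---
# Fragment for sonar.yaml: replaces the SONAR_JDBC_USERNAME and
# SONAR_JDBC_PASSWORD entries under the sonarqube container's env list.
- name: SONAR_JDBC_USERNAME
  valueFrom:
    secretKeyRef:
      name: sonar-db-credentials
      key: username
- name: SONAR_JDBC_PASSWORD
  valueFrom:
    secretKeyRef:
      name: sonar-db-credentials
      key: password
```

The postgres image applies POSTGRES_PASSWORD only when it initializes an empty data directory, so a database already created with the old value also needs the role's password changed with ALTER USER.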
2.2.4 Chinese localization