Installing and deploying SonarQube 8.9 on Kubernetes
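Official documentation: https://docs.sonarsource.com/sonarqube/8.9/
Background
Recently I needed to call the API from Go to automatically scan a specific code branch of a project. The images and packages we normally download are the Community Edition, because it is fairly stable, but the Community Edition has one drawback: it only supports the main or master branch.
Scanning the develop branch is therefore not possible, so this post covers two deployments: the Community Edition and the Developer Edition. The drawback of the Developer Edition is that plugins have to be downloaded manually; they cannot be installed from the web page as in the Community Edition.
Community Edition
Installing PostgreSQL 11.4
The official documentation states that the supported databases include PostgreSQL and Oracle; MySQL is not supported.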
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-data
  namespace: sonar
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: "nfs"
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgresql
  namespace: sonar
  labels:
    app: postgresql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgresql
  template:
    metadata:
      labels:
        app: postgresql
    spec:
      containers:
        - name: postgresql-for-sonar
          image: postgres:11.4
          imagePullPolicy: "IfNotPresent"
          ports:
            - containerPort: 5432
          env: # environment variables PostgreSQL needs at startup
            - name: POSTGRES_DB # name of the database to create
              value: sonarDB
            - name: POSTGRES_USER # user created for accessing the database
              value: sonarUser
            - name: POSTGRES_PASSWORD # database password (redacted here; a Secret referenced with valueFrom.secretKeyRef keeps it out of the manifest)
              value: "***"
          resources:
            limits:
              cpu: 1000m
              memory: 2048Mi
            requests:
              cpu: 500m
              memory: 1024Mi
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          persistentVolumeClaim:
            claimName: postgres-data
---
apiVersion: v1
kind: Service
metadata:
  name: postgresql
  namespace: sonar
  labels:
    app: postgresql
spec:
  # NodePort opens 30543 on every node; the commented-out ClusterIP keeps
  # PostgreSQL reachable only from inside the cluster
  type: NodePort
  #type: ClusterIP
  ports:
    - port: 5432
      targetPort: 5432
      nodePort: 30543
      protocol: TCP
  selector:
    app: postgresql
SonarQube
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sonar-pvc
  namespace: sonar
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 20Gi
  storageClassName: nfs
  volumeMode: Filesystem
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarqube
  namespace: sonar
  labels:
    app: sonarqube
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube
  template:
    metadata:
      labels:
        app: sonarqube
    spec:
      volumes:
        - name: sonarqube
          persistentVolumeClaim:
            claimName: sonar-pvc
        - name: sonarqube-config
          configMap:
            name: sonarqube-config # this ConfigMap is not shown on this page and must already exist
      initContainers:
        # vm.max_map_count is a node-wide kernel setting needed by the embedded
        # Elasticsearch, so this init container has to run privileged
        - name: init-sysctl
          image: busybox
          command:
            - sysctl
            - '-w'
            - vm.max_map_count=262144
          imagePullPolicy: IfNotPresent
          securityContext:
            privileged: true
      containers:
        - name: sonarqube
          image: mc1arke/sonarqube-with-community-branch-plugin:8.9-community
          ports:
            - containerPort: 9000
              protocol: TCP
          env:
            - name: SONARQUBE_JDBC_USERNAME
              value: sonarUser
            - name: SONARQUBE_JDBC_PASSWORD
              value: "******" # redacted; quoted because a bare * starts a YAML alias
            - name: SONARQUBE_JDBC_URL
              value: >-
                jdbc:postgresql://postgresql:5432/sonarDB?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
          resources:
            limits:
              cpu: '2'
              memory: 2Gi
            requests:
              cpu: '1'
              memory: 1Gi
          volumeMounts:
            - name: sonarqube-config
              mountPath: /opt/sonarqube/conf
              subPath: conf
            - name: sonarqube
              mountPath: /opt/sonarqube/data
              subPath: data
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      dnsPolicy: ClusterFirst
---
apiVersion: v1
kind: Service
metadata:
  name: sonarqube
  namespace: sonar
  labels:
    app: sonarqube
spec:
  ports:
    - name: sonarqube
      protocol: TCP
      port: 9000
      targetPort: 9000
      nodePort: 31900 # adjust as needed
  selector:
    app: sonarqube
  type: NodePort
  #type: ClusterIP
---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: sonarqube
  namespace: sonar
spec:
  ingressClassName: nginx
  rules:
    - host: sonarqube-sonar.123.cn
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: sonarqube
                port:
                  number: 9000
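Accessing the web page
You can use the NodePort port; in this post, for example, the web page is at <public IP>:31900.
You can also use the Ingress: configure hosts and access the domain name.
The account and password are admin/admin; the first login prompts you to change the password.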
Using sonar scanner: on the host
# Download the latest scanner
wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.0.0.702-linux.zip
# Unpack it (-d sets the target directory)
unzip sonar-scanner-cli-3.0.0.702-linux.zip -d /data/
# Create a symlink (point it at the directory the archive actually unpacked to)
ln -sv /data/sonar-scanner-cli-3.0.0.702-linux/ /usr/local/sonar-scanner
# Run a scan; change into the project directory first
sonar-scanner -X \
  '-Dsonar.projectKey=PROJECT_KEY' \
  '-Dsonar.projectName=PROJECT_NAME' \
  '-Dsonar.sourceEncoding=UTF-8' \
  '-Dsonar.branch.name=BRANCH' \
  '-Dsonar.language=LANGUAGE' \
  '-Dsonar.projectVersion=VERSION (the commit id can be used)' \
  '-Dsonar.host.url=SONAR_URL' \
  '-Dsonar.login=TOKEN_GENERATED_ABOVE'
# Language-specific parameters to add to the command above as needed:
# Java:      '-Dsonar.sources=./' '-Dsonar.java.binaries=target/classes'
# Go:        '-Dsonar.exclusions=docs/**,api/**/*.go,**/*.pb.go'
# Front end: '-Dsonar.coverage.dtdVerification=false' '-Dsonar.sources=src'
#            '-Dsonar.exclusions=**/node_modules/**,**/*.spec.js,**/test-data/*.js,**/testing/*.js,**/assets/js/*.js'
#            '-Dsonar.tests=src' '-Dsonar.test.inclusions=**/*.spec.js'
#            '-Dsonar.test.exclusions=**/multiselect-dropdown/*.js'
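Developer Edition
Unlike the Community Edition, here I mounted the data on the local host and did not attach a domain name.
Installing PostgreSQL
Note that I also added node affinity here.
# Label the node so that this pod is pinned to that machine
kubectl label node test-kubernets-node04 postgres-sonar-develop=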
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres-sonar-develop
  namespace: store
  labels:
    app: postgres-sonar-develop
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres-sonar-develop
  template:
    metadata:
      labels:
        app: postgres-sonar-develop
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: postgres-sonar-develop
                    operator: Exists
      containers:
        - name: postgres-sonar
          image: postgres:11.4
          env:
            - name: POSTGRES_DB
              value: sonarDB
            - name: POSTGRES_USER
              value: sonarUser
            - name: POSTGRES_PASSWORD
              value: "123456"
          ports:
            - containerPort: 5432
          resources:
            limits:
              cpu: "1"
              memory: 2Gi
            requests:
              cpu: 500m
              memory: 1Gi
          volumeMounts:
            - name: data
              mountPath: /var/lib/postgresql/data
      volumes:
        - name: data
          hostPath:
            path: /data/store/postgresql_data
---
apiVersion: v1
kind: Service
metadata:
  name: postgres-sonar-svc-develop
  namespace: store
  labels:
    app: postgres-sonar-develop
spec:
  ports:
    - port: 5432
      targetPort: 5432
  selector:
    app: postgres-sonar-develop
  clusterIP: None
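Installing sonar
Note that I added node affinity here as well.
# Label the node so that this pod is pinned to that machine
kubectl label node test-kubernets-node04 sonarqube9-develop=
# Create the directory in advance on the test-kubernets-node04 machine
mkdir -p /data/store/sonarqube8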
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarqube9-develop
  namespace: store
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube9-develop
  template:
    metadata:
      labels:
        app: sonarqube9-develop
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: sonarqube9-develop
                    operator: Exists
      containers:
        - name: sonarqube9-develop
          image: docker.m.daocloud.io/sonarqube:8.9-developer
          env:
            - name: SONAR_JDBC_USERNAME
              value: sonarUser
            - name: SONAR_JDBC_PASSWORD
              value: "123456"
            - name: SONAR_JDBC_URL
              value: jdbc:postgresql://postgres-sonar-svc-develop:5432/sonarDB
          ports:
            - containerPort: 9000
          volumeMounts:
            - name: data
              mountPath: /opt/sonarqube/conf
              subPath: conf
            - name: data
              mountPath: /opt/sonarqube/data
              subPath: data
            - name: data
              mountPath: /opt/sonarqube/extensions
              subPath: extensions
      initContainers:
        # sets the node-wide vm.max_map_count, which requires a privileged container
        - name: init-sysctl
          image: busybox
          command: ["sysctl", "-w", "vm.max_map_count=262144"]
          securityContext:
            privileged: true
      volumes:
        - name: data
          hostPath:
            path: /data/store/sonarqube8
---
apiVersion: v1
kind: Service
metadata:
  name: sonarqube9-develop
  namespace: store
spec:
  selector:
    app: sonarqube9-develop
  type: NodePort
  ports:
    - name: sonarqube9-develop
      port: 9000
      targetPort: 9000
      nodePort: 30090
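Front-end login and testing
Just access the node IP plus the port, for example http://192.168.8.86:30090
Everything else is the same as for the Community Edition.
Further notes
Reading the official documentation, it is easy to see that sonar resembles prometheus. sonar itself has three important components: the web front end, the ES (Elasticsearch) cache, and the component that processes the scan information sent by sonar scanner and stores it in the database. sonar scanner comes in several forms: it can be a client, a gitlab/jenkins plugin, and so on. The scanner analyses the code to produce a first version of the data and hands it to sonarqube, which processes it and then shows it on the page.
Even when sonar scanner has finished and handed its data to sonarqube, nothing is shown on the page until sonarqube has finished processing it.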
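The wait described in the last paragraph, as an added Go example (not code from the original post): it polls `api/ce/task` with the task ID that the scanner writes to `.scannerwork/report-task.txt` as `ceTaskId`, and returns only once the server-side processing reports SUCCESS. The function name, the stand-in server, the token and the IDs are constructed for illustration.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"time"
)

// WaitForAnalysis polls api/ce/task until the task finishes and returns the analysis ID.
func WaitForAnalysis(ctx context.Context, base, token, taskID string, every time.Duration) (string, error) {
	var t struct{ Task struct{ Status, AnalysisID string } }
	for {
		req, err := http.NewRequestWithContext(ctx, "GET", base+"/api/ce/task?id="+url.QueryEscape(taskID), nil)
		if err != nil {
			return "", err
		}
		req.SetBasicAuth(token, "") // a token is sent as the user name with an empty password
		resp, err := http.DefaultClient.Do(req)
		if err != nil {
			return "", err // includes cancellation or timeout of ctx
		}
		err = json.NewDecoder(resp.Body).Decode(&t)
		resp.Body.Close()
		if resp.StatusCode != http.StatusOK || err != nil {
			return "", fmt.Errorf("ce task %s: HTTP %d, decode error: %v", taskID, resp.StatusCode, err)
		}
		switch t.Task.Status {
		case "SUCCESS":
			return t.Task.AnalysisID, nil
		case "FAILED", "CANCELED":
			return "", fmt.Errorf("ce task %s ended as %s", taskID, t.Task.Status)
		}
		time.Sleep(every) // PENDING or IN_PROGRESS: not processed yet, ask again
	}
}

func main() {
	replies, n := []string{"PENDING", "IN_PROGRESS", "SUCCESS"}, 0 // constructed stand-in replies
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprintf(w, `{"task":{"status":%q,"analysisId":"A1"}}`, replies[n%3])
		n++
	}))
	defer srv.Close()
	fmt.Println(WaitForAnalysis(context.Background(), srv.URL, "constructed-token", "T1", time.Millisecond))
}
```

Pass a context with a deadline so that a stuck task does not block a pipeline forever.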