SonarQube

Reference

Deploy SonarQube on Kubernetes

https://docs.sonarsource.com/sonarqube/9.9/setup-and-upgrade/deploy-on-kubernetes/deploy-sonarqube-on-kubernetes/

SonarSource / helm-chart-sonarqube

https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube

Install and configure SonarQube on the OpenShift container platform and CI/CD automation with Jenkins

https://medium.com/@singhprashant2599/install-and-configure-sonarqube-on-the-openshift-container-platform-and-ci-cd-automation-with-371d4bc65064

Install manually on OpenShift (OKD 4.15)

This procedure follows the indication at the reference "Install and configure SonarQube on the OpenShift container platform and CI/CD automation with Jenkins".

Pre-requisites

OKD is up and running w/ DNS record:

*.apps.myokd.mydomain.tld

Create a new OpenShift project, eg:

$ oc new-project jenkinsonar  --display-name 'Jenkins Sonar'

PostgreSQL configuration

Helm charts:

bitnami/postgresql                      15.5.4          16.3.0

Install:

oc project jenkinsonar

helm upgrade postgres bitnami/postgresql --version '15.5.4' --install

Output

PostgreSQL can be accessed via port 5432 on the following DNS names from within your cluster:

    postgres-postgresql.jenkinsonar.svc.cluster.local - Read/Write connection

To get the password for "postgres" run:

    export POSTGRES_PASSWORD=$(kubectl get secret --namespace jenkinsonar postgres-postgresql -o jsonpath="{.data.postgres-password}" | base64 -d)

To connect to your database run the following command:

    kubectl run postgres-postgresql-client --rm --tty -i --restart='Never' --namespace jenkinsonar --image docker.io/bitnami/postgresql:16.3.0-debian-12-r13 --env="PGPASSWORD=$POSTGRES_PASSWORD" --command -- psql --host postgres-postgresql -U postgres -d postgres -p 5432

Create the database that SonarQube will use

postgres=# create user sonarqube with encrypted password '<db-password>';

postgres=# ALTER USER sonarqube CREATEDB;

ALTER USER sonarqube SET search_path to sonarqube;

postgres=# create database sonarqube OWNER sonarqube;

postgres=# grant all privileges on database sonarqube to sonarqube;

\connect sonarqube;

create schema sonarqube;

GRANT ALL ON SCHEMA sonarqube TO sonarqube;

SonarQube configuration

sonar-deployment.yml

apiVersion: apps/v1

kind: Deployment

metadata:

  name: sonarqube

spec:

  replicas: 1

  selector:

    matchLabels:

      app: sonarqube

  template:

    metadata:

      labels:

        app: sonarqube

    spec:

      containers:

      - name: sonarqube

        image: sonarqube

        ports:

        - containerPort: 9000

        env:

        - name: SONAR_JDBC_URL

          value: "jdbc:postgresql://postgres-postgresql.jenkinsonar.svc.cluster.local:5432/sonarqube?currentSchema=sonarqube"

        - name: SONAR_JDBC_USERNAME

          value: "sonarqube"

        - name: SONAR_JDBC_PASSWORD

          value: "<db-password>"

$ oc apply -f sonar-deployment.yml

sonar-service.yml

apiVersion: v1

kind: Service

metadata:

  name: sonarqube

spec:

  ports:

    - port: 9000

      targetPort: 9000

  selector:

    app: sonarqube

  type: ClusterIP

$ oc apply -f sonar-service.yml

sonar-route.yml

apiVersion: route.openshift.io/v1

kind: Route

metadata:

  name: sonarqube-route

spec:

  host: sonarqube.apps.myokd.mydomain.tld

  to:

    kind: Service

    name: sonarqube

    weight: 100

  port:

    targetPort: 9000

$ oc apply -f sonar-route.yml

Access the SonarQube in a web browser using default credentials:

http://sonarqube.apps.myokd.mydomain.tld
username: admin

password: admin

Now create a unique token and copy that token into N...

TBD

Jenkins configuration

TBD

Install using Helm on OpenShift (OKD 4.15)

Warning, chart versions that didn't work:

bitnami/sonarqube       5.2.0         10.4.1  //Installs fine, unable to access

sonarqube/sonarqube     10.5.1+2816     10.5.1

sonarqube/sonarqube ~8

Only Helm 3 is supported.

helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube

helm repo update

sonarqube/sonarqube     10.5.1+2816     10.5.1

WARNING: This procedure didn't create any pod!

Create the openshift project (aka k8s namespace):

oc new-project sonar --display-name 'Sonar'

Install the helm chart:

helm upgrade sonar sonarqube/sonarqube --version '10.5.1+2816' --install --set initSysctl.enabled=false,initFs.enabled=false,containerSecurityContext.allowPrivilegeEscalation=false,containerSecurityContext.runAsNonRoot=true,containerSecurityContext.runAsUser="1000",containerSecurityContext.runAsGroup="0",containerSecurityContext.seccompProfile.type=RuntimeDefault,containerSecurityContext.capabilities.drop[0]="ALL"

bitnami/sonarqube    5.2.0    10.4.1

WARNING: This procedure didn't allow to access it!

Create the openshift project:

oc new-project sonarqube --display-name 'SonarQube'

Install the helm chart:

helm upgrade --install -n sonarqube --version "5.2.0" sonarqube bitnami/sonarqube

sonarqube/sonarqube    8.x.x    9.9 LTA

WARNING: This procedure didn't create any pod!

Create the openshift project (aka k8s namespace):

oc new-project sonar --display-name 'Sonar'

Install the helm chart:

helm upgrade --install -n sonar --version '~8' sonar sonarqube/sonarqube