Sonar on k8s + Jenkins Integration

Yiğit İrez
3 min read · May 14, 2021


Static analysis is king in the SDLC world so let’s get a common one, Sonar, running in our pipeline.

Let's run a postgres db first. Since I'm fiddling with the k8s cluster all the time (and breaking it), looking at you angrily, calico, and I'm going to be using the db for other things, I can't risk losing data, so I'm going to run sonar in my swarm.

So we have the stack.yml below. Just run it in a swarm or as a compose file. Adminer is a little db interface if that's your thing.

docker stack deploy -c stack.yml postgres

After everything is up, check it via some tool (I used DBeaver).

I then created a separate sonar db, schema and user so as not to tie everything to the postgres user, but it's not necessary.

Then we have to run the commands below, as per the requirements for Sonar in Docker Host Req:

sysctl -w vm.max_map_count=262144
sysctl -w fs.file-max=65536
ulimit -n 65536
ulimit -u 4096
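
Values set with `sysctl -w` last only until the next reboot, and `ulimit` applies only to the current shell and its children, so it is worth confirming what a node actually has before Sonar starts on it. The script below is an added example, not from the original post; the function names are its own, and the minimums are the four values from the commands above.

```shell
#!/bin/sh
# Added example: verify the host settings the post sets with sysctl/ulimit.
# Minimums are the values from the post; function names are this example's own.

# meets_min CURRENT REQUIRED -> exit 0 if CURRENT satisfies REQUIRED.
# ulimit prints "unlimited" when no cap is set, which always passes.
meets_min() {
    case "$1" in
        unlimited) return 0 ;;
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: treat as failing
    esac
    [ "$1" -ge "$2" ]
}

# report NAME CURRENT REQUIRED -> prints one status line, returns 1 when too low.
report() {
    if meets_min "$2" "$3"; then
        printf 'OK   %-18s %s (need >= %s)\n' "$1" "$2" "$3"
    else
        printf 'LOW  %-18s %s (need >= %s)\n' "$1" "${2:-unreadable}" "$3"
        return 1
    fi
}

# check_sonar_host -> exit status is the number of settings below the minimum.
check_sonar_host() {
    low=0
    report vm.max_map_count "$(cat /proc/sys/vm/max_map_count 2>/dev/null)" 262144 || low=$((low + 1))
    report fs.file-max "$(cat /proc/sys/fs/file-max 2>/dev/null)" 65536 || low=$((low + 1))
    report 'ulimit -n' "$(ulimit -n 2>/dev/null)" 65536 || low=$((low + 1))
    report 'ulimit -u' "$(ulimit -u 2>/dev/null)" 4096 || low=$((low + 1))
    return "$low"
}

check_sonar_host || echo "Raise the settings marked LOW on this node before starting Sonar." >&2
```

Run it on every node that can schedule the Sonar pod, in the same kind of shell or service context that starts the container runtime, since the `ulimit` values are per process.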

We then run the following yaml on our master. Basically, it creates the PVs (yes, they are host PVs, so maybe add a node selector to the deployment), the related PVCs, and the sonar service and deployment. Nothing fancy in the deploy config either: just some resource limits so Sonar doesn't kill our node, plus the db env vars.

Access sonar like below once everything spools up.

http://192.168.56.106:31485/projects

Integrating with Jenkins;

Get the SonarQube Scanner plugin from Jenkins.

<optional>

As we are (I sure am) approaching the limits of our pc, sometimes jenkins or sonar dies due to lack of resources. Deleting the related pod (restarts automatically after deletion) is enough in most cases.

To see how we are doing in the nodes in terms of ram I installed htop on all nodes.

# htop is packaged in EPEL, so enable that repo first
yum -y install epel-release
yum -y install htop

OR, get the metrics server for k8s

kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.4.2/components.yaml

</optional>

Connect Jenkins and Sonar

Create a token from Sonar

In Jenkins management->Configure System

No trailing slash in the URL

Then use as credential

We also need a way back from Sonar to Jenkins so it can send analysis status back to Jenkins.

http://192.168.56.106:30007/sonarqube-webhook

Yay

Let's check the db just in case,

noice

That's all, thanks for reading.
