UNCLASSIFIED

Skip to content

GitLab

Commit 4cd1669f authored by kevin.wilder's avatar kevin.wilder
Browse files

standardize documentation

parent 049ff9c2
Hide whitespace changes
Inline Side-by-side
Showing with 76 additions and 118 deletions
README.md
View file @ 4cd1669f
# Sonarqube 8.3 Community version [Version 8.3.1 (build 34397)] with auth-oidc 2.0.0 plugin # Sonarqube
This repo contains manifests to deploy Sonarqube static code analysis tool into a Kubernetes cluster. See the [README in the *docs* folder](docs/README.md) for documentation
Additional docs for using Sonarqube and its plugins can be found at https://docs.sonarqube.org/latest/ Copy the *deploy* folder into the appropriate spot in your bootstrap repo to add Sonarqube to your deployment. Be sure to check the docs for additional instructions.
## Usage
### Pre-requisites
* Kubernetes cluster deployed
* kubectl configuration installed
Install kubectl
```
brew install kubectl
```
Install kustomize
```
brew install kustomize
```
### Deployment
Clone repository
```
git clone https://repo1.dsop.io/platform-one/apps/sonarqube.git
```
```
cd sonarqube
```
Please note that appropriate secrets (listed below) should be defined before the sonarqube pod is able to connect to the postgres database and is able to function properly.
Sonarqube needs three environment variables to access the postgres database.
SONARQUBE_JDBC_URL - URL for the postgres database to use
SONARQUBE_JDBC_USERNAME - username to access the postgres database
SONARQUBE_JDBC_PASSWORD - password for the above user
These need to be added in as Kubernetes secrets and mounted into the sonarqube pod https://kubernetes.io/docs/concepts/configuration/secret/.
To deploy Sonarqube, add the secrets, volumes, volumeMounts and env to set values for the above variables.
After the above secrets are incorporated into the sonarqube/ manifests, to deploy Sonarqube apply the kustomized manifest:
```
kubectl apply -k sonarqube/
```
### IMPORTANT Default Admin Credentials
When installing SonarQube, a default user with administrator privileges is created automatically:
Login: admin
Password: admin
For security reasons the administrator password should be changed. This can be done from the SonarQube dashboard by following these steps:
1)Log in to the SonarQube dashboard.
2)Under the “User Name” dropdown menu in the upper right corner, click on “My Account”.
3)Select the “Security” tab.
4)Enter your old password and enter your new password twice to confirm the change.
5)Click the “Change password” button.
## Contributing
To contribute to Big Bang Sonarqube, see the [Contributing Guide](CONTRIBUTING.md).
## References
Docker image https://dcar.dsop.io/repomap/sonarsource/sonarqube/sonarqube8-community SHA tag - sha256:7356de08b61c240302aa91040a7abea1ebea190afb2d14f35191e272ddbc712a
docs/LOGGING.md docs/ECK.md
View file @ 4cd1669f
# Logging # Logging
# Pre-requisites # Pre-requisites
...@@ -79,4 +78,4 @@ The number of Lines of Code (for licensing purposes) in an instance can be found ...@@ -79,4 +78,4 @@ The number of Lines of Code (for licensing purposes) in an instance can be found
Further logging information can be found in the sonarqube configuration file. For details run the following command: Further logging information can be found in the sonarqube configuration file. For details run the following command:
``kubectl exec sonarqube-sonarqube-5dd795f449-xxxx -n sonarqube -- cat ./conf/sonar.properties`` ```kubectl exec sonarqube-sonarqube-5dd795f449-xxxx -n sonarqube -- cat ./conf/sonar.properties``
docs/Keycloak.md 0 → 100644
View file @ 4cd1669f
# Keycloak integration for Sonarqube
1. Login to Sonarqube with default admin credentials username: admin password: admin
2. In Adminstration->General
set Server base URL to Sonarqube URL
(for ex: https:/sonarqube.dsop.io) without a trailing /
3. On a different tab on the browser, login to keycloak realm
- From Clients choose the sonarqube client and note the Client id
- Set Root URL to empty string
- Set Valid Redirect URI to
```https://<sonarqube url>/*```
(for ex: https://sonarqube.dsop.io/*)
- Set Base URI to Sonarqube URL
(for ex: https://sonarqube.dsop.io) without a trailing /
- On Clients-<Sonarqube Client>->Credentials regenerate the secret and note it down
- On Clients-<Sonarqube Client>->ClientScopes->Sonarqube->Mappers
- Click Add Builtin and add "groups" scope
- On Users, click "Add User" and enter
- Username - <username of the admin user>
- email - must have @admin.mil id
- First name
- Last name
- Email Verified - On
- Save
- On Users, on the Credentials tab and set password
- On Users, on the Groups tab and join Impact Level2 Authorized and System Admins IL2
4. In Administration-> Security Set OpenID Connect to enabled
- Issuer URI to https://keycloak.fences.dsop.io/auth/realms/baby-yoda
- ClientId noted from keycloak above
- ClientSecret regeneretaed from keycloak above
- Scopes - openid Sonarqube
5. Logout of sonarqube and log back in with the username created above by clicking on oidc login
6. Logout of sonarqube and log back in with the username admin and password admin
7. Go to Administration->Security->Users and add username created above to sonar-admin group
8. Go to Administration->Security->Users and delete admin user
9. Logout of Sonarqune and login with username and password created in keycloak
docs/Prometheus.md 0 → 100644
View file @ 4cd1669f
# Sonarqube integration with Prometheus
Prometheus integration is pending. Placeholder for future documentation.
Sonarqube does not have built-in support for a ```/metrics``` endpoint for Prometheus integration. A metrics exporter plugin is required.
For example [https://github.com/dmeiners88/sonarqube-prometheus-exporter](https://github.com/dmeiners88/sonarqube-prometheus-exporter)
\ No newline at end of file
docs/README.md
View file @ 4cd1669f
# Sonarqube 8.3 Community version [Version 8.3.1 (build 34397)] with auth oidc 2.0.0 plugin # Sonarqube 8.3 Community version [Version 8.3.1 (build 34397)] with auth oidc 2.0.0 plugin
This repo contains manifests to deploy Sonarqube static code analysis tool into a Kubernetes cluster. ## Table Of Contents
Additional docs for using Sonarqube and its plugins can be found at <https://docs.sonarqube.org/latest/>
## Usage
### Pre-requisites
* Kubernetes cluster deployed
* kubectl configuration installed
Install kubectl - Application Overview
- Usage
- Integrations
- Prometheus
- ECK
- Keycloak
- Troubleshooting Tips
`` ### Application Overview
brew install kubectl
``
Install kustomize This repo contains manifests to deploy Sonarqube static code analysis tool into a Kubernetes cluster.
Additional docs for using Sonarqube and its plugins can be found at <https://docs.sonarqube.org/latest/>
``
brew install kustomize
``
### Deployment
Clone repository
`` ### Usage
git clone https://repo1.dsop.io/platform-one/apps/sonarqube.git
``
`` #### Deployment Notes
cd sonarqube
``
Please note the settings applied in the file "sonar.properties" since they override any settings applied through the UI. [Documentation can be found here](https://docs.sonarqube.org/latest/setup/operate-cluster/#header-8) with additional properties shown in the Sonarqube instance's settings page. Please note the settings applied in the file "sonar.properties" since they override any settings applied through the UI. [Documentation can be found here](https://docs.sonarqube.org/latest/setup/operate-cluster/#header-8) with additional properties shown in the Sonarqube instance's settings page.
...@@ -54,14 +39,9 @@ SONARQUBE_JDBC_PASSWORD - password for the above user ...@@ -54,14 +39,9 @@ SONARQUBE_JDBC_PASSWORD - password for the above user
These need to be added in as Kubernetes secrets and mounted into the sonarqube pod <https://kubernetes.io/docs/concepts/configuration/secret/>. These need to be added in as Kubernetes secrets and mounted into the sonarqube pod <https://kubernetes.io/docs/concepts/configuration/secret/>.
To deploy Sonarqube, add the secrets, volumes, volumeMounts and env to set values for the above variables.
After the above secrets are incorporated into the sonarqube/ manifests, to deploy Sonarqube apply the kustomized manifest:
``
kubectl apply -k sonarqube/
``
### IMPORTANT Default Admin Credentials #### Default Admin Credentials
When installing SonarQube, a default user with administrator privileges is created automatically: When installing SonarQube, a default user with administrator privileges is created automatically:
...@@ -80,10 +60,22 @@ For security reasons the administrator password should be changed. This can be d ...@@ -80,10 +60,22 @@ For security reasons the administrator password should be changed. This can be d
5)Click the “Change password” button. 5)Click the “Change password” button.
## Contributing
To contribute to Big Bang Sonarqube, see the [Contributing Guide](CONTRIBUTING.md). ### Integrations
#### [Prometheus.md](Prometheus.md)
- Configuration items
- List of metrics gathered
- Useful queries [living list]
## References #### [ECK.md](ECK.md)
- Configuration items
- Fluentd Pipelines
- Important Logs
- Useful queries [living list]
Docker image <https://dcar.dsop.io/repomap/sonarsource/sonarqube/sonarqube8-community> SHA tag - sha256:7356de08b61c240302aa91040a7abea1ebea190afb2d14f35191e272ddbc712a #### [Keycloak.md](Keycloak.md)
- Configuration items
- Add new groups
- Claim information
- OiD / SAML application items
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

UNCLASSIFIED