UNCLASSIFIED

Commit 5e3eaacb authored by Karpagam Balan

Initial Commit of Sonarqube

parent 72957eec
# Changelog
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
## [0.0.1] - 2020-06-3
Upgraded to upstream version 8.3-community [Version 8.3.1 (build 34397)]
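Review bot: the release heading `## [0.0.1] - 2020-06-3` does not use the zero-padded ISO 8601 date that Keep a Changelog, which this file says it follows, prescribes; write `2020-06-03`. The entry below it sits directly under the version heading; put it under a change-type heading, and since this is the initial commit `### Added` fits better than "Upgraded".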
* @big-bang
# Contributing
Thanks for contributing to this repository!
This repository follows the following conventions:
* [Semantic Versioning](https://semver.org/)
* [Keep a Changelog](https://keepachangelog.com/)
* [Conventional Commits](https://www.conventionalcommits.org/)
Development requires the Kubernetes CLI tool as well as a local Kubernetes cluster. [KIND](https://github.com/kubernetes-sigs/kind) is recommended as a lightweight local option for standing up Kubernetes clusters.
To contribute a change:
1. Create a branch on the cloned repository with a descriptive name, prefixed with your name. For example, `gd/add-ingress` is an appropriate branch name.
2. Make the changes in code.
3. Write tests using [KUTTL](https://kuttl.dev) and [Conftest](https://conftest.dev)
4. Make commits using the [Conventional Commits](https://www.conventionalcommits.org/) format. This helps with automation for changelog. Update `CHANGELOG.md` in the same commit using the [Keep a Changelog](https://keepachangelog.com). Depending on tooling maturity, this step may be automated.
5. Open a merge request using one of the provided templates. If this merge request is solving a preexisting issue, add the issue reference into the description of the MR.
6. During this time, ensure that all new commits are rebased into your branch so that it remains up to date with the `development` branch.
7. Wait for a maintainer of the repository (see CODEOWNERS) to approve.
8. If you have permissions to merge, you are responsible for merging. Otherwise, a CODEOWNER will merge the commit.
# sonarqube
# Big Bang Sonarqube
Upstream version - 8.3 community [Version 8.3.1 (build 34397)]
[Sonarqube](https://docs.sonarqube.org/latest/) is a tool for static code analysis
## Pre-requisites
* kubectl
## Getting Started
** Please note that appropriate secrets (listed below) should be defined before the sonarqube pod is able to connect to the postgres database and is able to function properly.
Sonarqube needs three environment variables to access the postgres database.
SONARQUBE_JDBC_URL - URL for the postgres database to use
SONARQUBE_JDBC_USERNAME - username to access the postgres database
SONARQUBE_JDBC_PASSWORD - password for the above user
These need to be added in as Kubernetes secrets and mounted into the sonarqube pod https://kubernetes.io/docs/concepts/configuration/secret/.
To run Sonarqube, clone this repository, add the secrets, volumes, volumeMounts and env to set values for the above variables.
After the above secrets are incorporated into the sonarqube/ manifests, to deploy Sonarqube run:
```bash
$ kubectl apply -k sonarqube/
```
## Contributing
To contribute to Big Bang Sonarqube, see the [Contributing Guide](CONTRIBUTING.md).
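Review bot: the Getting Started section tells the reader to add secrets, volumes, volumeMounts and env for `SONARQUBE_JDBC_URL`, `SONARQUBE_JDBC_USERNAME` and `SONARQUBE_JDBC_PASSWORD`, but never names the Secret or keys the manifests expect. The Deployment in this commit already reads the password from Secret `sonarqube-postgresql`, key `postgresql-password`, so document that name and key (and the equivalent for URL and username) so that `kubectl apply -k sonarqube/` can succeed without reading the YAML. The note starting `** Please note` has an unclosed bold marker, and the file opens with two level-1 headings (`# sonarqube`, `# Big Bang Sonarqube`); keep one.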
namespace: sonarqube
commonLabels:
app: sonarqube
resources:
- namespace.yaml
- sonar-template.yaml
apiVersion: v1
kind: Namespace
metadata:
name: sonarqube
# Source: sonarqube/templates/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-config
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
---
# Source: sonarqube/templates/copy-plugins.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-copy-plugins
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
copy_plugins.sh: |-
#!/bin/bash
for f in /opt/sonarqube/extensions/plugins/tmp/*.jar
do
file=${f##*/} && file=${file%-[0-9]*}
for original in /opt/sonarqube/extensions/plugins/*.jar
do
originalfile=${original##*/} && originalfile=${originalfile%-[0-9]*}
if [ "$originalfile" = "$file" ]; then
rm -f "$original"
fi
done
done
cp /opt/sonarqube/extensions/plugins/tmp/*.jar /opt/sonarqube/extensions/plugins/
/opt/sonarqube/bin/run.sh
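Review bot: in `copy_plugins.sh` the `*.jar` globs are used without guarding the empty case: when `/opt/sonarqube/extensions/plugins/tmp/` holds no jars the pattern stays literal and the final `cp` exits with an error that nothing checks. Skip the copy when nothing matches (for example `shopt -s nullglob` plus a count check), and start the server with `exec /opt/sonarqube/bin/run.sh` so the process receives the pod's termination signal directly. The Deployment mounts this script at `/tmp/scripts`, but the `sonarqube` container sets no `command`, so as committed nothing invokes it.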
---
# Source: sonarqube/templates/install-plugins.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-install-plugins
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
install_plugins.sh: |-
cd /opt/sonarqube/extensions/plugins/tmp
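Review bot: `install_plugins.sh` contains only `cd /opt/sonarqube/extensions/plugins/tmp`, with no shebang and no download step, and the `install-plugins` volume built from this ConfigMap is declared in the Deployment but not mounted by any container. Either drop the ConfigMap and the volume, or add the init container that runs it; an unused script ConfigMap is easy to mistake for active plugin-install logic in a later review.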
---
# Source: sonarqube/templates/tests/test-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-tests
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
run.sh: |-
@test "Testing Sonarqube UI is accessible" {
curl --connect-timeout 5 --retry 12 --retry-delay 1 --retry-max-time 60 sonarqube-sonarqube:9000/sessions/new
}
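Review bot: the `curl` call in `run.sh` has no `--fail`, so an HTTP 4xx or 5xx from `sonarqube-sonarqube:9000/sessions/new` still exits 0 and the test reports the UI as accessible. Add `--fail --silent --show-error --output /dev/null` so the test passes only on a successful response and does not dump the login page into the test log.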
---
# Source: sonarqube/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: sonarqube-sonarqube
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: http
protocol: TCP
name: http
selector:
app: sonarqube
release: sonarqube
---
# Source: sonarqube/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube-sonarqube
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
release: sonarqube
template:
metadata:
labels:
app: sonarqube
release: sonarqube
spec:
securityContext:
fsGroup: 999
initContainers:
- name: chmod-volume-mounts
image: busybox:1.31
command:
- "sh"
- "-c"
- 'mkdir -p $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs) &&
chown 999:999 -R $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)'
volumeMounts:
- mountPath: /opt/sonarqube/temp
name: sonarqube
subPath: temp
- mountPath: /opt/sonarqube/logs
name: sonarqube
subPath: logs
- mountPath: /opt/sonarqube/data
name: sonarqube
subPath: data
- mountPath: /opt/sonarqube/extensions/plugins/tmp
name: sonarqube
subPath: tmp
- mountPath: /opt/sonarqube/extensions/downloads
name: sonarqube
subPath: downloads
- mountPath: /opt/sonarqube/extensions/plugins
name: sonarqube
subPath: plugins
- name: init-sysctl
image: busybox:1.31
securityContext:
privileged: true
command:
- /bin/sh
- -c
- 'if [[ "$(sysctl -n vm.max_map_count)" -lt 262144 ]]; then sysctl -w vm.max_map_count=262144; fi'
containers:
- name: sonarqube
image: registry.dsop.io/platform-one/apps/sonarqube/sonarqube:8.3-community
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9000
protocol: TCP
env:
- name: SONARQUBE_WEB_JVM_OPTS
value: ""
- name: SONARQUBE_JDBC_USERNAME
- name: SONARQUBE_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: sonarqube-postgresql
key: postgresql-password
- name: SONARQUBE_JDBC_URL
livenessProbe:
httpGet:
path: /sessions/new
port: http
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /sessions/new
port: http
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 6
volumeMounts:
- mountPath: /opt/sonarqube/data
name: sonarqube
subPath: data
- mountPath: /opt/sonarqube/extensions/plugins/tmp
name: sonarqube
subPath: tmp
- mountPath: /opt/sonarqube/extensions/downloads
name: sonarqube
subPath: downloads
- mountPath: /opt/sonarqube/extensions/plugins
name: sonarqube
subPath: plugins
- mountPath: /opt/sonarqube/temp
name: sonarqube
subPath: temp
- mountPath: /opt/sonarqube/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
- name: copy-plugins
mountPath: /tmp/scripts
resources:
{}
volumes:
- name: install-plugins
configMap:
name: sonarqube-sonarqube-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
- name: copy-plugins
configMap:
name: sonarqube-sonarqube-copy-plugins
defaultMode: 0755
items:
- key: copy_plugins.sh
path: copy_plugins.sh
- name: sonarqube
emptyDir: {}
- name : tmp-dir
emptyDir: {}
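Review bot: the `init-sysctl` init container runs with `privileged: true` to set `vm.max_map_count` on the node, which hands a `busybox:1.31` image full host privileges on every pod start and will be rejected by clusters that forbid privileged pods. Prefer setting the sysctl during node provisioning and removing this container, or make it optional. In the `sonarqube` container, `SONARQUBE_JDBC_USERNAME` and `SONARQUBE_JDBC_URL` are declared with a name only, so they resolve to empty strings; since the README says these come from secrets, give them `valueFrom.secretKeyRef` entries like the one `SONARQUBE_JDBC_PASSWORD` has.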
---
# Source: sonarqube/templates/tests/sonarqube-test.yaml
apiVersion: v1
kind: Pod
metadata:
name: "sonarqube-ui-test"
annotations:
"helm.sh/hook": test-success
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
spec:
initContainers:
- name: "test-framework"
image: dduportal/bats:0.4.0
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: sonarqube-ui-test
image: registry.dsop.io/platform-one/apps/sonarqube/sonarqube:8.3-community
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: sonarqube-sonarqube-tests
- name: tools
emptyDir: {}
restartPolicy: Never
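Review bot: the `"helm.sh/hook": test-success` annotation on `sonarqube-ui-test` only has meaning to Helm, but the README deploys with `kubectl apply -k sonarqube/`, so wherever this manifest is applied that way the Pod is created as an ordinary resource and runs once (`restartPolicy: Never`) alongside the application. Move the check into the KUTTL tests that the contributing guide asks for, or keep the Pod out of the applied manifest. The `test-framework` init container also pulls `dduportal/bats:0.4.0` from a third-party Docker Hub repository; use an image from the same registry as the application image.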
---
# Source: sonarqube/charts/postgresql/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: sonarqube-postgresql
labels:
app: postgresql
chart: postgresql-8.2.0
release: "sonarqube"
heritage: "Helm"
type: Opaque
data:
postgresql-password: ""
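Review bot: `postgresql-password: ""` commits the `sonarqube-postgresql` Secret with an empty password, and the StatefulSet in this commit sets `ALLOW_EMPTY_PASSWORD` to `yes`, so the database that SonarQube connects to as `sonarUser` is allowed to start with no password while being reachable by anything that can reach the `sonarqube-postgresql` ClusterIP service on 5432. Do not ship the Secret in the manifest; have the deployer supply it (for example through a kustomize `secretGenerator` or an externally managed Secret), and remove `ALLOW_EMPTY_PASSWORD` so a missing password fails the rollout instead of silently succeeding.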
---
# Source: sonarqube/templates/config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-config
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
---
# Source: sonarqube/templates/copy-plugins.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-copy-plugins
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
copy_plugins.sh: |-
#!/bin/bash
for f in /opt/sonarqube/extensions/plugins/tmp/*.jar
do
file=${f##*/} && file=${file%-[0-9]*}
for original in /opt/sonarqube/extensions/plugins/*.jar
do
originalfile=${original##*/} && originalfile=${originalfile%-[0-9]*}
if [ "$originalfile" = "$file" ]; then
rm -f "$original"
fi
done
done
cp /opt/sonarqube/extensions/plugins/tmp/*.jar /opt/sonarqube/extensions/plugins/
/opt/sonarqube/bin/run.sh
---
# Source: sonarqube/templates/install-plugins.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-install-plugins
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
install_plugins.sh: |-
cd /opt/sonarqube/extensions/plugins/tmp
---
# Source: sonarqube/templates/tests/test-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: sonarqube-sonarqube-tests
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
data:
run.sh: |-
@test "Testing Sonarqube UI is accessible" {
curl --connect-timeout 5 --retry 12 --retry-delay 1 --retry-max-time 60 sonarqube-sonarqube:9000/sessions/new
}
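Review bot: these four ConfigMaps (`sonarqube-sonarqube-config`, `-copy-plugins`, `-install-plugins`, `-tests`) repeat, line for line, the ones defined earlier in this commit, and the Service, Deployment and test Pod that follow are repeated as well, with the Deployment differing only in the JDBC username and URL values. Two copies under the same resource names will drift; keep one base manifest and express the PostgreSQL-backed variant as a kustomize overlay or patch.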
---
# Source: sonarqube/charts/postgresql/templates/svc-headless.yaml
apiVersion: v1
kind: Service
metadata:
name: sonarqube-postgresql-headless
labels:
app: postgresql
chart: postgresql-8.2.0
release: "sonarqube"
heritage: "Helm"
spec:
type: ClusterIP
clusterIP: None
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
selector:
app: postgresql
release: "sonarqube"
---
# Source: sonarqube/charts/postgresql/templates/svc.yaml
apiVersion: v1
kind: Service
metadata:
name: sonarqube-postgresql
labels:
app: postgresql
chart: postgresql-8.2.0
release: "sonarqube"
heritage: "Helm"
spec:
type: ClusterIP
ports:
- name: tcp-postgresql
port: 5432
targetPort: tcp-postgresql
selector:
app: postgresql
release: "sonarqube"
role: master
---
# Source: sonarqube/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: sonarqube-sonarqube
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
spec:
type: ClusterIP
ports:
- port: 9000
targetPort: http
protocol: TCP
name: http
selector:
app: sonarqube
release: sonarqube
---
# Source: sonarqube/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube-sonarqube
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
release: sonarqube
template:
metadata:
labels:
app: sonarqube
release: sonarqube
spec:
securityContext:
fsGroup: 999
initContainers:
- name: chmod-volume-mounts
image: busybox:1.31
command:
- "sh"
- "-c"
- 'mkdir -p $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs) &&
chown 999:999 -R $(printf "/opt/sonarqube/${1-%s\n}" temp logs data extensions/downloads extensions/plugins/tmp extensions/plugins certs)'
volumeMounts:
- mountPath: /opt/sonarqube/temp
name: sonarqube
subPath: temp
- mountPath: /opt/sonarqube/logs
name: sonarqube
subPath: logs
- mountPath: /opt/sonarqube/data
name: sonarqube
subPath: data
- mountPath: /opt/sonarqube/extensions/plugins/tmp
name: sonarqube
subPath: tmp
- mountPath: /opt/sonarqube/extensions/downloads
name: sonarqube
subPath: downloads
- mountPath: /opt/sonarqube/extensions/plugins
name: sonarqube
subPath: plugins
- name: init-sysctl
image: busybox:1.31
securityContext:
privileged: true
command:
- /bin/sh
- -c
- 'if [[ "$(sysctl -n vm.max_map_count)" -lt 262144 ]]; then sysctl -w vm.max_map_count=262144; fi'
containers:
- name: sonarqube
image: registry.dsop.io/platform-one/apps/sonarqube/sonarqube:8.3-community
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 9000
protocol: TCP
env:
- name: SONARQUBE_WEB_JVM_OPTS
value: ""
- name: SONARQUBE_JDBC_USERNAME
value: "sonarUser"
- name: SONARQUBE_JDBC_PASSWORD
valueFrom:
secretKeyRef:
name: sonarqube-postgresql
key: postgresql-password
- name: SONARQUBE_JDBC_URL
value: "jdbc:postgresql://sonarqube-postgresql:5432/sonarDB"
livenessProbe:
httpGet:
path: /sessions/new
port: http
initialDelaySeconds: 60
periodSeconds: 30
readinessProbe:
httpGet:
path: /sessions/new
port: http
initialDelaySeconds: 60
periodSeconds: 30
failureThreshold: 6
volumeMounts:
- mountPath: /opt/sonarqube/data
name: sonarqube
subPath: data
- mountPath: /opt/sonarqube/extensions/plugins/tmp
name: sonarqube
subPath: tmp
- mountPath: /opt/sonarqube/extensions/downloads
name: sonarqube
subPath: downloads
- mountPath: /opt/sonarqube/extensions/plugins
name: sonarqube
subPath: plugins
- mountPath: /opt/sonarqube/temp
name: sonarqube
subPath: temp
- mountPath: /opt/sonarqube/logs
name: sonarqube
subPath: logs
- mountPath: /tmp
name: tmp-dir
- name: copy-plugins
mountPath: /tmp/scripts
resources:
{}
volumes:
- name: install-plugins
configMap:
name: sonarqube-sonarqube-install-plugins
items:
- key: install_plugins.sh
path: install_plugins.sh
- name: copy-plugins
configMap:
name: sonarqube-sonarqube-copy-plugins
defaultMode: 0755
items:
- key: copy_plugins.sh
path: copy_plugins.sh
- name: sonarqube
emptyDir: {}
- name : tmp-dir
emptyDir: {}
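Review bot: the `sonarqube` container has no container-level `securityContext` and `resources: {}`, so it runs with whatever user and privileges the image defaults to and with no CPU or memory bounds. The pod already uses `fsGroup: 999` and the init container chowns the volumes to `999:999`, so set `runAsNonRoot: true`, `runAsUser: 999` and `allowPrivilegeEscalation: false`, and add requests and limits. The `sonarqube` volume is an `emptyDir`, so everything under `/opt/sonarqube/data` and the installed plugins is lost whenever the pod is rescheduled; use a PersistentVolumeClaim if that state matters.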
---
# Source: sonarqube/charts/postgresql/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: sonarqube-postgresql
labels:
app: postgresql
chart: postgresql-8.2.0
release: "sonarqube"
heritage: "Helm"
spec:
serviceName: sonarqube-postgresql-headless
replicas: 1
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: postgresql
release: "sonarqube"
role: master
template:
metadata:
name: sonarqube-postgresql
labels:
app: postgresql
chart: postgresql-8.2.0
release: "sonarqube"
heritage: "Helm"
role: master
spec:
securityContext:
fsGroup: 1001
initContainers:
- name: init-chmod-data
image: docker.io/bitnami/minideb:stretch
imagePullPolicy: "Always"
resources:
requests:
cpu: 250m
memory: 256Mi
command:
- /bin/sh
- -c
- |
mkdir -p /bitnami/postgresql/data
chmod 700 /bitnami/postgresql/data
find /bitnami/postgresql -mindepth 0 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | \
xargs chown -R 1001:1001
chmod -R 777 /dev/shm
securityContext:
runAsUser: 0
volumeMounts:
- name: data
mountPath: /bitnami/postgresql
subPath:
- name: dshm
mountPath: /dev/shm
containers:
- name: sonarqube-postgresql
image: docker.io/bitnami/postgresql:11.6.0-debian-10-r0
imagePullPolicy: "IfNotPresent"
resources:
requests:
cpu: 250m
memory: 256Mi
securityContext:
runAsUser: 1001
env:
- name: BITNAMI_DEBUG
value: "false"
- name: POSTGRESQL_PORT_NUMBER
value: "5432"
- name: POSTGRESQL_VOLUME_DIR
value: "/bitnami/postgresql"
- name: PGDATA
value: "/bitnami/postgresql/data"
- name: POSTGRES_USER
value: "sonarUser"
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: sonarqube-postgresql
key: postgresql-password
- name: POSTGRES_DB
value: "sonarDB"
- name: POSTGRESQL_ENABLE_LDAP
value: "no"
- name: ALLOW_EMPTY_PASSWORD
value: "yes"
ports:
- name: tcp-postgresql
containerPort: 5432
livenessProbe:
exec:
command:
- /bin/sh
- -c
- exec pg_isready -U "sonarUser" -d "sonarDB" -h 127.0.0.1 -p 5432
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/sh
- -c
- -e
- |
exec pg_isready -U "sonarUser" -d "sonarDB" -h 127.0.0.1 -p 5432
[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
volumeMounts:
- name: dshm
mountPath: /dev/shm
- name: data
mountPath: /bitnami/postgresql
subPath:
volumes:
- name: dshm
emptyDir:
medium: Memory
sizeLimit: 1Gi
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: "8Gi"
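Review bot: in the `readinessProbe` the first script line is `exec pg_isready ...`, which replaces the shell, so the `[ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ]` check on the next line never runs and the pod can be marked ready before initialization finishes. Drop the `exec` on that line so both commands are evaluated under `-e`. The `init-chmod-data` container also runs with `runAsUser: 0` from the mutable tag `docker.io/bitnami/minideb:stretch` and does `chmod -R 777 /dev/shm`; pin the image by digest and check whether the root step is still needed given `fsGroup: 1001`.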
---
# Source: sonarqube/templates/tests/sonarqube-test.yaml
apiVersion: v1
kind: Pod
metadata:
name: "sonarqube-ui-test"
annotations:
"helm.sh/hook": test-success
labels:
app: sonarqube
chart: sonarqube-5.2.1
release: sonarqube
heritage: Helm
spec:
initContainers:
- name: "test-framework"
image: dduportal/bats:0.4.0
command:
- "bash"
- "-c"
- |
set -ex
# copy bats to tools dir
cp -R /usr/local/libexec/ /tools/bats/
volumeMounts:
- mountPath: /tools
name: tools
containers:
- name: sonarqube-ui-test
image: registry.dsop.io/platform-one/apps/sonarqube/sonarqube:8.3-community
command: ["/tools/bats/bats", "-t", "/tests/run.sh"]
volumeMounts:
- mountPath: /tests
name: tests
readOnly: true
- mountPath: /tools
name: tools
volumes:
- name: tests
configMap:
name: sonarqube-sonarqube-tests
- name: tools
emptyDir: {}
restartPolicy: Never