
# SonarQube

# Namespace

# Create the "devops" namespace that the PVC, Deployment and Service on this page are placed in.
$ kubectl create namespace devops

# PV 和 PVC

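---
# Statically provisioned NFS volume for SonarQube. The Deployment on this page
# mounts its logs/, data/ and extensions/ sub-directories through subPath.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: sonarqube-pv
spec:
  # Empty class: this volume is bound statically and never handed to a
  # dynamic provisioner.
  storageClassName: ""
  capacity:
    storage: 5Gi
  accessModes:
    - ReadWriteOnce
  # Retain keeps the data on the NFS export after the claim is deleted; the
  # volume then has to be cleaned up and released by hand.
  persistentVolumeReclaimPolicy: Retain
  # Reserve the volume for the SonarQube claim. Without claimRef any matching
  # claim, in any namespace, could bind this PV and read the data on it.
  claimRef:
    namespace: devops
    name: sonarqube-data
  nfs:
    # NOTE(review): the export should only be reachable from the cluster
    # nodes; confirm the export rules on the NFS server.
    path: /backup/data/sonarqube
    server: 10.16.16.41
---
# Claim used by the sonarqube Deployment (volume "data").
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: sonarqube-data
  namespace: devops
spec:
  # The empty string must be set explicitly; otherwise a default StorageClass,
  # if the cluster has one, is filled in and the claim is provisioned
  # dynamically instead of binding to sonarqube-pv.
  storageClassName: ""
  # Bind to the pre-created volume by name instead of "any PV that fits".
  volumeName: sonarqube-pv
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi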

设置挂载目录权限（在 NFS 服务器上执行；目录属主需与容器的运行用户 UID/GID 1000 一致）

# Create the three sub-directories that the Deployment mounts via subPath
# (logs, data, extensions) under the NFS export path.
mkdir -p \
  /backup/data/sonarqube/logs \
  /backup/data/sonarqube/data \
  /backup/data/sonarqube/extensions
# Hand the whole tree to uid/gid 1000, the user and group the SonarQube
# container runs as (runAsUser / runAsGroup / fsGroup in the Deployment).
chown -R 1000:1000 /backup/data/sonarqube

# Deployment

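---
# Credentials consumed by the sonarqube Deployment below. Keeping them in a
# Secret means they no longer show up in the Deployment / Pod spec and can be
# protected with their own RBAC rules.
# The values are the example values of this guide: replace them before real
# use, and prefer creating the Secret out-of-band (kubectl create secret, an
# external secret manager) over committing this document to version control.
apiVersion: v1
kind: Secret
metadata:
  name: sonarqube-credentials
  namespace: devops
type: Opaque
stringData:
  # Passcode sent as X-Sonar-Passcode by the liveness probe.
  system-passcode: 'sonarqube-monitoring-passcode'
  # Password of the JDBC user "sonar"; presumably it has to match the role
  # created on the PostgreSQL side - confirm against that setup.
  jdbc-password: 'password'
---
# Single-replica SonarQube server backed by the sonarqube-data claim and an
# external PostgreSQL database reachable as "pgsql:5432".
apiVersion: apps/v1
kind: Deployment
metadata:
  name: sonarqube
  namespace: devops
spec:
  replicas: 1
  selector:
    matchLabels:
      app: sonarqube
  template:
    metadata:
      labels:
        app: sonarqube
    spec:
      # Nothing in this pod talks to the Kubernetes API, so no service-account
      # token is mounted into the containers.
      automountServiceAccountToken: false
      securityContext:
        fsGroup: 1000
      initContainers:
      # Raises kernel limits before SonarQube starts.
      # NOTE(review): this container is privileged and runs as root because it
      # writes node-wide sysctls; the change affects the whole node, not only
      # this pod, and namespaces enforcing the "baseline" or "restricted" Pod
      # Security Standard reject privileged containers. Setting these sysctls
      # in the node configuration and removing this init container avoids
      # running a privileged container at all.
      # NOTE(review): consider pinning the image by digest
      # (busybox@sha256:<digest>) so the pulled content cannot change.
      - name: init-sysctl
        image: busybox:1.36.1
        imagePullPolicy: IfNotPresent
        command:
        - sh
        - -c
        - |
          sysctl -w vm.max_map_count=524288
          sysctl -w fs.file-max=131072
          # NOTE(review): ulimit applies to this shell only; it presumably does
          # not carry over to the sonarqube container - confirm.
          ulimit -n 131072
          ulimit -u 8192
        securityContext:
          privileged: true
          runAsUser: 0
      containers:
      # NOTE(review): check whether a newer patch release of this line is
      # available and consider pinning the image by digest
      # (sonarqube@sha256:<digest>).
      - name: sonarqube
        image: sonarqube:9.9.3-community
        imagePullPolicy: IfNotPresent
        env:
        # Passcode for the system endpoints, read from the Secret above.
        - name: SONAR_WEB_SYSTEMPASSCODE
          valueFrom:
            secretKeyRef:
              name: sonarqube-credentials
              key: system-passcode
        # Database connection settings
        - name: SONAR_JDBC_USERNAME
          value: sonar
        - name: SONAR_JDBC_PASSWORD
          valueFrom:
            secretKeyRef:
              name: sonarqube-credentials
              key: jdbc-password
        - name: SONAR_JDBC_URL
          value: jdbc:postgresql://pgsql:5432/sonar
        - name: TZ
          value: Asia/Shanghai
        ports:
        - containerPort: 9000
          name: http
          protocol: TCP
        resources:
          limits:
            cpu: 800m
            memory: 4Gi
          requests:
            cpu: 400m
            memory: 2Gi
        # The application container runs unprivileged: non-root uid/gid 1000,
        # no privilege escalation, all capabilities dropped, runtime default
        # seccomp profile.
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 1000
          runAsGroup: 1000
          seccompProfile:
            type: RuntimeDefault
          capabilities:
            drop: ["ALL"]
        # Liveness: authenticated call to /api/system/liveness using the
        # passcode from the environment.
        livenessProbe:
          exec:
            command:
            - sh
            - -c
            - |
              host="$(hostname -i || echo '127.0.0.1')"
              wget --no-proxy --quiet -O /dev/null --timeout=1 --header="X-Sonar-Passcode: ${SONAR_WEB_SYSTEMPASSCODE}" "http://${host}:9000/api/system/liveness"
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 1
          failureThreshold: 6
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - |
              # A SonarQube container is considered ready if the status is UP, DB_MIGRATION_NEEDED or DB_MIGRATION_RUNNING.
              # The migration states are included so that the pod is not killed while SonarQube is upgrading the database.
              host="$(hostname -i || echo '127.0.0.1')"
              if wget --no-proxy -qO- "http://${host}:9000/api/system/status" | grep -q -e '"status":"UP"' -e '"status":"DB_MIGRATION_NEEDED"' -e '"status":"DB_MIGRATION_RUNNING"'; then
                exit 0
              fi
              exit 1
          initialDelaySeconds: 60
          periodSeconds: 30
          timeoutSeconds: 1
          failureThreshold: 6
        # Startup: allows up to 30s + 24 * 10s before the other probes apply.
        startupProbe:
          httpGet:
            scheme: HTTP
            path: /api/system/status
            port: http
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 1
          failureThreshold: 24
        # One claim, three sub-directories (created beforehand on the NFS
        # export and owned by 1000:1000).
        volumeMounts:
        - mountPath: /opt/sonarqube/logs
          name: data
          subPath: logs
        - mountPath: /opt/sonarqube/data
          name: data
          subPath: data
        - mountPath: /opt/sonarqube/extensions
          name: data
          subPath: extensions
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: sonarqube-data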

# Service

---
# Exposes the SonarQube web port (container port "http", 9000) outside the
# cluster through a fixed node port.
apiVersion: v1
kind: Service
metadata:
  name: sonarqube
  namespace: devops
  labels:
    app: sonarqube
spec:
  # Routes to pods carrying the label app: sonarqube.
  selector:
    app: sonarqube
  # NOTE(review): NodePort opens port 30076 on every node, and this manifest
  # configures plain HTTP only, so logins and tokens would cross the network
  # unencrypted. Consider ClusterIP behind a TLS-terminating Ingress, or limit
  # who can reach the node port with firewall rules / NetworkPolicy.
  type: NodePort
  ports:
  - name: http
    port: 9000
    # Resolved by name against the container port called "http".
    targetPort: http
    nodePort: 30076
