Code quality scanning using SonarQube
Don't you analyse your code?
We use SonarQube in our CI/CD pipelines, don't you?
Setup
For the purpose of this blog post we'll be using a Google Kubernetes Engine cluster with external-dns configured to manage our Google Cloud DNS records
and cert-manager deployed and configured for issueing ACME certificates to secure our ingress-nginx objects.
We're going to deploy Keycloak charts for interfacing with our Identity Provider then deploy the SonarQube charts and configure SAML with our keycloak deployment.
Keycloak
Time to get our hands dirty, starting off with the keycloak deployment:
kubectl create namespace keycloak
kubectl create secret generic keycloak-postgresql \
--from-literal=postgresql-password=$(openssl rand -base64 32) \
--from-literal=postgresql-replication-password=$(openssl rand -base64 32)
helm install --namespace keycloak keycloak \
--set keycloak.ingress.enabled=true \
--set keycloak.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
--set keycloak.ingress.annotations."cert-manager\.io/cluster-issuer"= letsencrypt-prod
--set keycloak.ingress.hosts[0]=keycloak.k8s.yields.io \
--set keycloak.ingress.tls[0].hosts[0]=keycloak.k8s.yields.io \
--set keycloak.ingress.tls[0].secretName=tls-keycloak \
--set keycloak.persistence.dbVendor=postgres \
--set keycloak.persistence.deployPostgres=true \
--set postgresql.postgresqlUser=keycloak \
--set postgresql.existingSecret=keycloak-postgresql \
--set postgresql.postgresqlDatabase=keycloak \
--set postgresql.persistence.enabled=true \
--set postgresql.replication.enabled=true \
--set postgresql.replication.slaveReplicas=2 \
--set postgresql.replication.synchronousCommit="on" \
--set postgresql.replication.numSynchronousReplicas=1 \
--set postgresql.metrics.enabled=true \
codecentric/keycloak
SonarQube
kubectl create namespace sonarqube
kubectl create secret generic -n sonarqube sonarqube-postgresql \
--from-literal=postgresql-password=$(openssl rand -base64 32) \
--from-literal=postgresql-replication-password=$(openssl rand -base64 32)
helm install sonarqube -n sonarqube \
--set ingress.enabled=true \
--set keycloak.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
--set ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
--set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"="0" \
--set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-max-temp-file-size"="0" \
--set ingress.hosts[0].name=sonarqube.k8s.yields.io \
--set ingress.hosts[0].path=/ \
--set ingress.tls[0].secretName=tls-sonarqube \
--set ingress.tls[0].hosts[0]=sonarqube.k8s.yields.io \
--set persistence.enabled=true \
--set postgresql.postgresqlUsername=sonarqube \
--set postgresql.existingSecret=sonarqube-postgresql \
--set postgresql.postgresqlDatabase=sonarqube \
--set postgresql.replication.enabled=true \
--set postgresql.replication.slaveReplicas=2 \
--set postgresql.replication.synchronousCommit="on" \
--set postgresql.replication.numSynchronousReplicas=1 \
--set postgresql.metrics.enabled=true \
--set sonarProperties."sonar\.log\.level"=INFO \
oteemocharts/sonarqube
...
Keycloak configuration
Keycloak Google IDP configuration
SonarQube SAML configuration
SonarQube python project configuration with tox and coverage
Relax..