Code quality scanning using SonarQube
We use SonarQube in our CI/CD pipelines, don't you?
Setup
For the purpose of this blog post we'll be using a Google Kubernetes Engine cluster with external-dns configured to manage our Google Cloud DNS records and cert-manager deployed and configured for issuing ACME certificates to secure our ingress-nginx objects.
We're going to deploy the Keycloak charts for interfacing with our Identity Provider, then deploy the SonarQube charts and configure SAML with our Keycloak deployment.
Keycloak
Time to get our hands dirty, starting off with the keycloak deployment:
# Namespace for the Keycloak release
kubectl create namespace keycloak
# Random PostgreSQL passwords, stored in the same namespace as the release
# so the chart can find them through postgresql.existingSecret
kubectl create secret generic --namespace keycloak keycloak-postgresql \
  --from-literal=postgresql-password="$(openssl rand -base64 32)" \
  --from-literal=postgresql-replication-password="$(openssl rand -base64 32)"
# Keycloak behind ingress-nginx with a cert-manager certificate and a replicated PostgreSQL.
# Keys containing [0] are quoted so the shell does not treat them as glob patterns.
helm install --namespace keycloak keycloak \
  --set keycloak.ingress.enabled=true \
  --set keycloak.ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
  --set keycloak.ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
  --set 'keycloak.ingress.hosts[0]=keycloak.k8s.yields.io' \
  --set 'keycloak.ingress.tls[0].hosts[0]=keycloak.k8s.yields.io' \
  --set 'keycloak.ingress.tls[0].secretName=tls-keycloak' \
  --set keycloak.persistence.dbVendor=postgres \
  --set keycloak.persistence.deployPostgres=true \
  --set postgresql.postgresqlUser=keycloak \
  --set postgresql.existingSecret=keycloak-postgresql \
  --set postgresql.postgresqlDatabase=keycloak \
  --set postgresql.persistence.enabled=true \
  --set postgresql.replication.enabled=true \
  --set postgresql.replication.slaveReplicas=2 \
  --set postgresql.replication.synchronousCommit="on" \
  --set postgresql.replication.numSynchronousReplicas=1 \
  --set postgresql.metrics.enabled=true \
  codecentric/keycloak
SonarQube
# Namespace for the SonarQube release
kubectl create namespace sonarqube
# Random PostgreSQL passwords, referenced by the chart through postgresql.existingSecret
kubectl create secret generic -n sonarqube sonarqube-postgresql \
  --from-literal=postgresql-password="$(openssl rand -base64 32)" \
  --from-literal=postgresql-replication-password="$(openssl rand -base64 32)"
# SonarQube behind ingress-nginx with a cert-manager certificate and a replicated PostgreSQL.
# proxy-body-size and proxy-max-temp-file-size are set to 0 so nginx does not cap request sizes.
helm install sonarqube -n sonarqube \
  --set ingress.enabled=true \
  --set ingress.annotations."kubernetes\.io/ingress\.class"=nginx \
  --set ingress.annotations."cert-manager\.io/cluster-issuer"=letsencrypt-prod \
  --set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-body-size"="0" \
  --set ingress.annotations."nginx\.ingress\.kubernetes\.io/proxy-max-temp-file-size"="0" \
  --set 'ingress.hosts[0].name=sonarqube.k8s.yields.io' \
  --set 'ingress.hosts[0].path=/' \
  --set 'ingress.tls[0].secretName=tls-sonarqube' \
  --set 'ingress.tls[0].hosts[0]=sonarqube.k8s.yields.io' \
  --set persistence.enabled=true \
  --set postgresql.postgresqlUsername=sonarqube \
  --set postgresql.existingSecret=sonarqube-postgresql \
  --set postgresql.postgresqlDatabase=sonarqube \
  --set postgresql.replication.enabled=true \
  --set postgresql.replication.slaveReplicas=2 \
  --set postgresql.replication.synchronousCommit="on" \
  --set postgresql.replication.numSynchronousReplicas=1 \
  --set postgresql.metrics.enabled=true \
  --set sonarProperties."sonar\.log\.level"=INFO \
  oteemocharts/sonarqube
...
Keycloak configuration
Keycloak Google IDP configuration
SonarQube SAML configuration
SonarQube Python project configuration with tox and coverage
Relax..