DEV Community

Phil Nguyen
Phil Nguyen

Posted on

3 3

Local SonarQube 7.9.1-Community LTS On Kubernetes

https://gitlab.com/afireinside/kubernetes-sonarqube


Versions

As of this writing, the following versions have been used:

  • SonarQube 7.9.1-community LTS
  • Minikube 1.5.2
  • OSX 10.14.6 Mojave
  • Kubernetes 1.16.2
  • Docker 18.09.9

Description

SonarQube is a static analysis tool where it analyzes your code for bugs and code smells then shows you a nice report. The report includes why the lines chosen are bugs/code smells and what the recommended solution is.

Many coding languages are supported in the 7.9.1-community LTS version. I primarily use it for analyzing my Java code. The Java quality profile I prefer is FindBugs + FB Contrib.

Some of the benefits for having your own instance of SonarQube on your development machine include (but are not limited to)

  • being able to make changes to the quality profiles and gates
  • not using up the static analysis line limit if you're using an enterprise license
  • experimenting with different plugins to find what works for you
  • having a later version than what your enterprise version probably is
  • privatizing all your code smells and bugs so no one ever has to know
  • performing static analysis without making a commit or using up network bandwidth
  • not relying on a small set of admins to make impactful changes to the instance
  • etc

Installation

Lets hop into configuration and installation. This article assumes you have a Macbook laptop and Homebrew. Installation instructions are also available in the GitLab repository listed at the very top.

  1. First, you'll need Minikube (local Kubernetes cluster) and sonar-scanner (to perform static analysis)
    • brew install sonar-scanner
    • brew install minikube
  2. Configure Minikube to support the Sonar server and start the cluster (takes a few minutes)
    • minikube config set memory 4096
    • minikube config set cpus 2
    • minikube config set vm-driver hyperkit
    • minikube start
  3. Deploy your instance of SonarQube (will take a few minutes for pods to fully warm up and load SonarQube)
    • kubectl create secret generic postgres-pwd --from-literal=password={some made up password} Remember to change the password. It can be anything you want
    • kubectl create -f sonar-pv-postgres.yml
    • kubectl create -f sonar-pvc-postgres.yml
    • kubectl create -f sonar-postgres-deployment.yml
    • kubectl create -f sonarqube-deployment.yml
    • kubectl create -f sonarqube-service.yml
    • kubectl create -f sonar-postgres-service.yml
  4. Once all the pods are up and running, view your SonarQube instance (this will open a new browser tab with SonarQube). Default username/password is admin/amin
    • minikube service sonar

Perform static analysis

Java

  1. In the root of your Java project, add an empty sonar-project.properties file. The sonar-scanner service will be looking for this file when performing static analysis.
  2. Paste the following into the newly created sonar-project.properties file:
sonar.projectKey={name of project}
sonar.host.url=http://192.168.##.##:##### (url from minikube service sonar command)
sonar.login=${env.SONAR_TOKEN}
sonar.java.binaries=build/classes
sonar.sources=src/main/java

An example config would look like the following:

sonar.projectKey=notificationemailproc
sonar.host.url=http://192.168.64.9:31828
sonar.login=${env.SONAR_TOKEN}
sonar.java.binaries=build/classes
sonar.sources=src/main/java
  1. Create and copy a new SonarQube token by going to the SonarQube instance in the browser and navigating to
    My Account -> Security tab -> Enter Token Name -> Generate -> Copy token generated

  2. In your .bashrc or .zshrc file, add the following line:

    • export SONAR_TOKEN={SonarQube token that was just copied}
  3. Reload your rc file

    • source ~/.bashrc or source ~/.zshrc
  4. Run sonar-scanner in the project root directory. Once static analysis is finished, you can view the results in your SonarQube instance in the browser.


Useful plugins

  • FindBugs
  • Checkstyle
  • Mutation Analysis

Thanks for reading!

Any questions, comments, or concerns, feel free to send me an email at philip.c.nguyen@gmail.com

Speedy emails, satisfied customers

Postmark Image

Are delayed transactional emails costing you user satisfaction? Postmark delivers your emails almost instantly, keeping your customers happy and connected.

Sign up

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay