Kubernetes CI/CD practice with Jenkins and Spinnaker, part 2: SonarQube

Reader submission, 2022-10-09


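Background:

The order is a little mixed up: in a CI/CD process, static code scanning should come before image scanning, but I wrote these posts as they came. The steps are independent anyway. This post covers installing and integrating SonarQube; the hands-on usage is something I still need to study properly!

Installing SonarQube with helm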

Refer to the official documentation:

[root@k8s-master-01 helm]# helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube
[root@k8s-master-01 helm]# helm repo update

Fetch the chart package locally with helm fetch

[root@k8s-master-01 helm]# helm search repo sonarqube
[root@k8s-master-01 helm]# helm fetch sonarqube/sonarqube-lts

Unpack the tgz package and edit the values.yaml file

[root@k8s-master-01 helm]# tar zxvf sonarqube-lts-1.0.20+140.tgz

Install SonarQube into the kube-ops namespace with helm install

[root@k8s-master-01 sonarqube-lts]# helm install sonarqube -f values.yaml . -n kube-ops

[root@k8s-master-01 anchore-engine1]# kubectl get svc -n kube-ops
[root@k8s-master-01 anchore-engine1]# kubectl get pods -n kube-ops

Exposing the service through an ingress

The ingress controller is traefik; for details see: Installing traefik on Kubernetes 1.20.5 on Tencent Cloud

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sonarqube-sonarqube-lts
  namespace: kube-ops
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
  - host: sonarqube.xxxx.com
    http:
      paths:
      - pathType: Prefix
        path: /
        backend:
          service:
            name: sonarqube-sonarqube-lts
            port:
              number: 9000

Log in to SonarQube on the web to verify

Integrating sonar with Jenkins

Reference: scanner.

Configuring the SonarQube server in Jenkins

Go to "Manage Jenkins > Configure System", scroll down to the SonarQube configuration section, click Add SonarQube, add the server, and select the credentials.

[root@k8s-master-01 anchore-engine1]# kubectl cp sonar-gitlab-plugin-4.1.0-SNAPSHOT.jar sonarqube-sonarqube-lts-0:/opt/sonarqube/lib/extensions/sonar-gitlab-plugin-4.1.0-SNAPSHOT.jar -n kube-ops
Defaulted container "sonarqube-lts" out of: sonarqube-lts, wait-for-db (init), init-sysctl (init), inject-prometheus-exporter (init)
[root@k8s-master-01 anchore-engine1]# kubectl exec -it sonarqube-sonarqube-lts-0 bash -n kube-ops
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Defaulted container "sonarqube-lts" out of: sonarqube-lts, wait-for-db (init), init-sysctl (init), inject-prometheus-exporter (init)
bash-5.0$ cd /opt/sonarqube/lib/extensions/
bash-5.0$ ls
sonar-csharp-plugin-8.22.0.31243.jar  sonar-go-plugin-1.8.3.2219.jar  sonar-javascript-plugin-7.4.4.15624.jar  sonar-ruby-plugin-1.8.3.2219.jar
sonar-css-plugin-1.4.2.2002.jar  sonar-html-plugin-3.4.0.2754.jar  sonar-kotlin-plugin-1.8.3.2219.jar  sonar-scala-plugin-1.8.3.2219.jar
sonar-flex-plugin-2.6.1.2564.jar  sonar-jacoco-plugin-1.1.1.1157.jar  sonar-php-plugin-3.17.0.7439.jar  sonar-vbnet-plugin-8.22.0.31243.jar
sonar-gitlab-plugin-4.1.0-SNAPSHOT.jar  sonar-java-plugin-6.15.1.26025.jar  sonar-python-plugin-3.4.1.8066.jar  sonar-xml-plugin-2.2.0.2973.jar

My Jenkins build node

My Jenkins is deployed inside the Kubernetes cluster, and the cluster's CRI is containerd, so for builds I use a separate server with Docker installed as the build node, connected by starting the agent jar over JNLP. The host node is named build01. As a personal habit, all build-related packages (software, basically) go under /data/ci/buildtools; the renaming is also just personal habit, ignore it...

[root@k8s-node-06 buildtools]# pwd
/data/ci/buildtools
[root@k8s-node-06 buildtools]# wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip
[root@k8s-node-06 buildtools]# unzip sonar-scanner-cli-4.6.2.2472-linux.zip
[root@k8s-node-06 buildtools]# mv sonar-scanner-4.6.2.2472-linux sonar-scanner

Edit /etc/profile to add the environment variables

vim /etc/profile
# add the following two lines to /etc/profile
export SONAR_SCANNER_HOME=/data/ci/buildtools/sonar-scanner
export PATH=$SONAR_SCANNER_HOME/bin:$PATH
source /etc/profile

sonar pipeline demo

A Java demo

The repository and test code in GitLab

// Tool locations on the build01 node
def buildTools = ["maven": "/usr/local/maven/", "sonar" : "/data/ci/buildtools/sonar-scanner/"]
pipeline {
    agent { label "build01" }
    options { skipDefaultCheckout true }
    stages {
        // Check out the branch passed in as the branchName parameter
        stage("GetCode"){
            steps{
                script{
                    println("下载代码 --> 分支: ${env.branchName}")
                    checkout([$class: 'GitSCM', branches: [[name: "${env.branchName}"]], extensions: [], userRemoteConfigs: [[credentialsId: 'gitlab-admin-user', url: "${env.gitHttpURL}"]]])
                }
            }
        }
        stage("Build"){
            steps {
                script {
                    //sh "/usr/local/maven/bin/mvn clean package"
                    sh "${buildTools["maven"]}/bin/mvn clean package"
                }
            }
        }
        // Run sonar-scanner against the server configured in Jenkins as "sonarqube-1"
        stage("SonarScanForPlugin"){
            steps{
                script{
                    withSonarQubeEnv("sonarqube-1"){
                        // Timestamp used as the project version
                        def sonarDate = sh returnStdout: true, script: 'date +%Y%m%d%H%M%S'
                        sonarDate = sonarDate - "\n"
                        sh """
                            ${buildTools["sonar"]}/bin/sonar-scanner \
                            -Dsonar.projectKey=${JOB_NAME} \
                            -Dsonar.projectName=${JOB_NAME} \
                            -Dsonar.projectVersion=${sonarDate} \
                            -Dsonar.ws.timeout=30 \
                            -Dsonar.projectDescription="my test project" \
                            -Dsonar.links.homepage=\
                            -Dsonar.sources=src \
                            -Dsonar.sourceEncoding=UTF-8 \
                            -Dsonar.java.binaries=target/classes \
                            -Dsonar.java.test.binaries=target/test-classes \
                            -Dsonar.java.surefire.report=target/surefire-reports \
                            #echo \$PATH
                        """
                    }
                }
            }
        }
        stage("UnitTest"){
            steps{
                script{
                    sh "${buildTools["maven"]}/bin/mvn test"
                }
            }
            post {
                success {
                    script{
                        junit 'target/surefire-reports/*.xml'
                    }
                }
            }
        }
    }
    post {
        always {
            script{
                echo "always......"
            }
        }
        success {
            script {
                echo "success....."
            }
        }
    }
}
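The SonarScanForPlugin stage above submits the analysis, but the pipeline as shown does not read the result back. As an added example (not part of the original post), this Python helper turns the analysis into a pass/fail decision: it parses the .scannerwork/report-task.txt file that sonar-scanner writes, polls the compute-engine task, then reads the quality gate status. The host name, task ids and the injected fetch function are constructed for the example; a real fetch would be an authenticated HTTP GET against the SonarQube server.

```python
import time

def parse_report_task(text):
    """Parse .scannerwork/report-task.txt (key=value lines) into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)  # URL values contain '=' themselves
            props[key] = value
    return props

def wait_for_gate(report_text, fetch, attempts=30, delay=2.0):
    """Poll the analysis task, then return the quality gate status string."""
    # fetch(url) returns parsed JSON; it is injected so the logic runs offline.
    props = parse_report_task(report_text)
    server = props["serverUrl"].rstrip("/")
    for _ in range(attempts):
        task = fetch(props["ceTaskUrl"])["task"]
        if task["status"] == "SUCCESS":
            return fetch(f"{server}/api/qualitygates/project_status"
                         f"?analysisId={task['analysisId']}")["projectStatus"]["status"]
        if task["status"] in ("FAILED", "CANCELED"):
            raise RuntimeError(f"analysis task ended as {task['status']}")
        time.sleep(delay)  # PENDING / IN_PROGRESS: server is still processing
    raise TimeoutError("analysis task did not finish in time")

# Constructed sample of the report file (host and ids are placeholders).
SAMPLE_REPORT = """\
projectKey=demo-job
serverUrl=http://sonarqube.example.internal:9000
ceTaskId=AXtask01
ceTaskUrl=http://sonarqube.example.internal:9000/api/ce/task?id=AXtask01
"""

def make_fake_fetch(gate_status, task_end="SUCCESS"):
    """Constructed stand-in for the server: PENDING once, then task_end."""
    seen = []
    def fetch(url):
        if "/api/ce/task" in url:
            seen.append(url)
            status = "PENDING" if len(seen) == 1 else task_end
            return {"task": {"status": status, "analysisId": "AXanalysis01"}}
        return {"projectStatus": {"status": gate_status}}
    return fetch

if __name__ == "__main__":
    status = wait_for_gate(SAMPLE_REPORT, make_fake_fetch("ERROR"), delay=0)
    raise SystemExit(0 if status == "OK" else 1)  # non-zero fails the build step
```

The SonarQube Scanner plugin for Jenkins also provides a waitForQualityGate step that serves the same purpose inside the pipeline itself.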

About the Jenkins job

Build job

PHP project

// Tool locations on the build01 node
def buildTools = ["maven": "/usr/local/maven/", "sonar" : "/data/ci/buildtools/sonar-scanner/"]
pipeline {
    agent { label "build01" }
    stages {
        // Shallow clone of the branch passed in as the branchName parameter
        stage("GetCode"){
            agent { label "build01" }
            steps{
                script{
                    println("下载代码 --> 分支: ${env.branchName}")
                    checkout([$class: 'GitSCM', branches: [[name: "${env.branchName}"]], doGenerateSubmoduleConfigurations: false, extensions: [[$class: 'CloneOption', depth: 1, noTags: false, reference: '', shallow: true]], submoduleCfg: [], userRemoteConfigs: [[credentialsId: 'xxxxx', url: "${env.gitHttpURL}"]]])
                }
            }
        }
        stage("SonarScanForPlugin"){
            agent { label "build01" }
            when { environment name: 'xxxx', value: 'true' }
            steps{
                script{
                    withSonarQubeEnv("sonarqube-1"){
                        // Timestamp used as the project version
                        def sonarDate = sh returnStdout: true, script: 'date +%Y%m%d%H%M%S'
                        sonarDate = sonarDate - "\n"
                        sh """
                            cd xxxx/html
                            ${buildTools["sonar"]}/bin/sonar-scanner \
                            -Dsonar.projectKey=${JOB_NAME}-xxxxx \
                            -Dsonar.projectName=${JOB_NAME}-xxxx \
                            -Dsonar.projectVersion=${sonarDate} \
                            -Dsonar.ws.timeout=30 \
                            -Dsonar.language=php \
                            -Dsonar.projectDescription="my php project" \
                            -Dsonar.sources=. \
                            -Dsonar.sourceEncoding=UTF-8 \
                            #echo \$PATH
                        """
                    }
                }
            }
        }
        stage('docker build laya-maker') {
            agent { label "build01" }
            when { environment name: 'xxxx', value: 'true' }
            steps {
                sh " cd laya-maker&&docker build -t ccr.ccs.tencentyun.com/xxxxx/xxxx:$data ."
                withCredentials([usernamePassword(credentialsId: 'xxxxx', passwordVariable: 'dockerPassword', usernameVariable: 'dockerUser')]) {
                    // Single-quoted so the shell, not Groovy, expands the credentials;
                    // the password is passed on stdin instead of the command line
                    sh 'echo "$dockerPassword" | docker login -u "$dockerUser" --password-stdin ccr.ccs.tencentyun.com'
                    sh "docker push ccr.ccs.tencentyun.com/xxxxx/xxxx:$data"
                }
            }
        }
    }
}
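The docker push stage above binds registry credentials with withCredentials. As an added example (not part of the original post), this Python check flags sh steps whose double-quoted Groovy string interpolates a bound credential variable, so that Groovy rather than the shell expands the secret into the command text. The sample Jenkinsfile text, registry host and credential id are constructed.

```python
import re

# Variable names bound by withCredentials (passwordVariable:, usernameVariable:, variable:, ...)
BINDING = re.compile(r"""\b\w*[Vv]ariable\s*:\s*['"](\w+)['"]""")
# sh steps whose script is a Groovy-interpolated string: "..." or a multi-line triple-quoted one
SH_GSTRING = re.compile(r'\bsh\s*\(?\s*(?:"""(.*?)"""|"((?:[^"\\\n]|\\.)*)")', re.S)

def find_interpolated_secrets(jenkinsfile_text):
    """Return sorted (line, variable) pairs where Groovy expands a credential into sh."""
    names = set(BINDING.findall(jenkinsfile_text))
    findings = set()
    for m in SH_GSTRING.finditer(jenkinsfile_text):
        script = m.group(1) if m.group(1) is not None else m.group(2)
        line = jenkinsfile_text.count("\n", 0, m.start()) + 1
        for name in names:
            # ${name} or $name; an escaped \$name is left for the shell and is fine
            if re.search(r"(?<!\\)\$\{?" + re.escape(name) + r"\b", script):
                findings.add((line, name))
    return sorted(findings)

# Constructed sample: line 4 is the risky form, line 5 the single-quoted form.
SAMPLE = r'''
withCredentials([usernamePassword(credentialsId: 'registry-cred',
    passwordVariable: 'dockerPassword', usernameVariable: 'dockerUser')]) {
  sh "docker login -u ${dockerUser} -p ${dockerPassword} registry.example.internal"
  sh 'echo "$dockerPassword" | docker login -u "$dockerUser" --password-stdin registry.example.internal'
  sh "docker push registry.example.internal/app:\$TAG"
}
'''

if __name__ == "__main__":
    results = find_interpolated_secrets(SAMPLE)
    for line, name in results:
        print(f"line {line}: credential variable '{name}' interpolated by Groovy in sh step")
    raise SystemExit(1 if results else 0)
```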

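Now for the more exciting part

Summary:

This post focuses on installation and configuration. Real-world usage needs deeper study, and I hope readers will share more hands-on examples for me to learn from...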
