参考
https://www.cnblogs.com/ssgeek/p/11972773.html
下载sonarqube、postgres镜像
docker pull sonarqube:lts
docker tag sonarqube:lts harbor.uat.wuxingge.com.cn/uat/sonarqube:lts
docker push harbor.uat.wuxingge.com.cn/uat/sonarqube:lts
docker pull postgres:11.4
docker tag postgres:11.4 harbor.uat.wuxingge.com.cn/uat/postgres:11.4
docker push harbor.uat.wuxingge.com.cn/uat/postgres:11.4
部署postgresql
vim postgre_deploy_service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres-sonar
namespace: devops
labels:
app: postgres-sonar
spec:
replicas: 1
selector:
matchLabels:
app: postgres-sonar
template:
metadata:
labels:
app: postgres-sonar
spec:
containers:
- name: postgres-sonar
image: harbor.uat.wuxingge.com.cn/uat/postgres:11.4
imagePullPolicy: IfNotPresent
ports:
- containerPort: 5432
env:
- name: POSTGRES_DB
value: "sonarDB"
- name: POSTGRES_USER
value: "sonarUser"
- name: POSTGRES_PASSWORD
value: "123456"
# resources:
# limits:
# cpu: 1000m
# memory: 2048Mi
# requests:
# cpu: 500m
# memory: 1024Mi
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumes:
- name: data
nfs:
server: 10.10.98.32
path: /devops/postgresql
---
apiVersion: v1
kind: Service
metadata:
name: postgres-sonar
namespace: devops
labels:
app: postgres-sonar
spec:
clusterIP: None
ports:
- port: 5432
protocol: TCP
targetPort: 5432
selector:
app: postgres-sonar
部署sonarqube
vim sonarqube_deploy_service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: sonarqube
namespace: devops
labels:
app: sonarqube
spec:
replicas: 1
selector:
matchLabels:
app: sonarqube
template:
metadata:
labels:
app: sonarqube
spec:
initContainers:
- name: init-sysctl
image: busybox
imagePullPolicy: IfNotPresent
command: ["sysctl", "-w", "vm.max_map_count=262144"]
securityContext:
privileged: true
containers:
- name: sonarqube
image: harbor.uat.wuxingge.com.cn/uat/sonarqube:lts
ports:
- containerPort: 9000
env:
- name: SONARQUBE_JDBC_USERNAME
value: "sonarUser"
- name: SONARQUBE_JDBC_PASSWORD
value: "123456"
- name: SONARQUBE_JDBC_URL
value: "jdbc:postgresql://postgres-sonar:5432/sonarDB"
# livenessProbe:
# httpGet:
# path: /sessions/new
# port: 9000
# initialDelaySeconds: 60
# periodSeconds: 30
# readinessProbe:
# httpGet:
# path: /sessions/new
# port: 9000
# initialDelaySeconds: 60
# periodSeconds: 30
# failureThreshold: 6
# resources:
# limits:
# cpu: 2000m
# memory: 2048Mi
# requests:
# cpu: 1000m
# memory: 1024Mi
volumeMounts:
- mountPath: /opt/sonarqube/conf
name: data
subPath: conf
- mountPath: /opt/sonarqube/data
name: data
subPath: data
- mountPath: /opt/sonarqube/extensions
name: data
subPath: extensions
volumes:
- name: data
nfs:
server: 10.10.98.32
path: /devops/sonarqube
---
apiVersion: v1
kind: Service
metadata:
name: sonarqube
namespace: devops
labels:
app: sonarqube
spec:
ports:
- name: sonarqube
port: 9000
targetPort: 9000
protocol: TCP
selector:
app: sonarqube
vim ingress.yaml
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
name: sonarqube
namespace: devops
spec:
rules:
- host: sonarqube.uat.wuxingge.com.cn
http:
paths:
- path:
backend:
serviceName: sonarqube
servicePort: 9000
默认用户名密码:admin/admin
sonarqube ldap认证
参考
https://docs.sonarqube.org/8.9/instance-administration/delegated-auth/
vim /opt/sonarqube/conf/sonar.properties
# LDAP configuration
sonar.security.realm=LDAP
ldap.url=ldap://192.168.44.20
ldap.bindDn=cn=writeuser,cn=manager,dc=wuxingge,dc=com,dc=cn
ldap.bindPassword=password123
ldap.user.baseDn=ou=4474,ou=4260,ou=4259,ou=employee,dc=wuxingge,dc=com,dc=cn
ldap.user.request=(&(objectClass=inetOrgPerson)(uid={login}))
ldap.user.realNameAttribute=displayName
ldap.user.emailAttribute=mail