From c0f182de3c768bbf9ef6ce2547bcd2a54f05c519 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=AD=99=E5=B0=8F=E4=BA=91?= Date: Mon, 8 Sep 2025 17:05:10 +0800 Subject: [PATCH] addSonar --- sonar/get-sonar-token.sh | 43 ++++++++++ sonar/initSonar.sh | 32 +++++++ sonar/sonar-deployment.yaml | 167 ++++++++++++++++++++++++++++++++++++ sonar/sonar-ingress.yaml | 26 ++++++ 4 files changed, 268 insertions(+) create mode 100755 sonar/get-sonar-token.sh create mode 100755 sonar/initSonar.sh create mode 100644 sonar/sonar-deployment.yaml create mode 100644 sonar/sonar-ingress.yaml diff --git a/sonar/get-sonar-token.sh b/sonar/get-sonar-token.sh new file mode 100755 index 0000000..493d3cf --- /dev/null +++ b/sonar/get-sonar-token.sh @@ -0,0 +1,43 @@ +#!/bin/bash + +echo "=== SonarQube Token 获取指南 ===" +echo "" +echo "1. 访问 SonarQube: https://sonar-ops.t-aaron.com" +echo "2. 使用默认账号登录:" +echo " - 用户名: admin" +echo " - 密码: admin" +echo "" +echo "3. 获取 Token 步骤:" +echo " - 点击右上角用户头像" +echo " - 选择 'My Account'" +echo " - 点击 'Security' 标签" +echo " - 在 'Generate Tokens' 部分输入 Token 名称: 'drone-ci'" +echo " - 点击 'Generate' 按钮" +echo " - 复制生成的 Token" +echo "" +echo "4. 在 Drone 中添加 Secret:" +echo " - 访问 Drone: https://drone-devops.t-aaron.com" +echo " - 进入项目设置" +echo " - 添加 Secret:" +echo " - Name: SONAR_TOKEN" +echo " - Value: [刚才复制的Token]" +echo "" +echo "5. 验证配置:" +echo " - 提交代码触发构建" +echo " - 查看构建日志中的 sonar-scan 步骤" +echo "" + +# 检查 SonarQube 是否可访问 +echo "=== 检查 SonarQube 连接 ===" +if curl -s -o /dev/null -w "%{http_code}" https://sonar-ops.t-aaron.com | grep -q "200\|302"; then + echo "✅ SonarQube 服务可访问" +else + echo "❌ SonarQube 服务不可访问,请检查服务状态" +fi + +echo "" +echo "=== 当前配置信息 ===" +echo "SonarQube URL: https://sonar-ops.t-aaron.com" +echo "项目 Key: springboot-demo" +echo "项目名称: Spring Boot Demo" +echo "" diff --git a/sonar/initSonar.sh b/sonar/initSonar.sh new file mode 100755 index 0000000..6b4bc74 --- /dev/null +++ b/sonar/initSonar.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +echo "开始部署 SonarQube..." + +# 应用 SonarQube 配置 +echo "应用 SonarQube 部署配置..." +kubectl apply -f sonar-deployment.yaml + +# 应用 Ingress 配置(单独文件) +echo "应用 SonarQube Ingress 配置..." +kubectl apply -f sonar-ingress.yaml + +# 等待 Pod 启动 +echo "等待 SonarQube Pod 启动..." +kubectl wait --for=condition=Ready pod -l app=sonar -n default --timeout=300s + +# 检查部署状态 +echo "检查 SonarQube 部署状态..." +kubectl get pods -n default +kubectl get svc -n default +kubectl get ingress -n default + +# 显示访问信息 +echo "" +echo "SonarQube 部署完成!" +echo "访问地址: http://sonar-ops.t-aaron.com/sonar" +echo "默认用户名/密码: admin/admin" +echo "" +echo "等待服务完全启动(可能需要几分钟)..." +echo "可以使用以下命令检查状态:" +echo "kubectl get pods -n default" +echo "kubectl logs -f deployment/sonar -n default" diff --git a/sonar/sonar-deployment.yaml b/sonar/sonar-deployment.yaml new file mode 100644 index 0000000..73df88f --- /dev/null +++ b/sonar/sonar-deployment.yaml @@ -0,0 +1,167 @@ +# SonarQube 使用 devops 命名空间 +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: sonar-pv +spec: + capacity: + storage: 10Gi + accessModes: + - ReadWriteOnce + storageClassName: local-storage + persistentVolumeReclaimPolicy: Retain + hostPath: + path: /opt/sonar + type: DirectoryOrCreate + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: Exists +--- + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: sonar-pvc + namespace: default +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 10Gi + storageClassName: local-storage + volumeName: sonar-pv +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sonar-config + namespace: default +data: + sonar.properties: | + sonar.web.host=0.0.0.0 + sonar.web.port=9000 + sonar.web.context=/sonar + sonar.jdbc.url=jdbc:h2:tcp://localhost:9092/sonar + sonar.jdbc.driverClassName=org.h2.Driver + sonar.jdbc.username=sonar + sonar.jdbc.password=sonar + sonar.embeddedDatabase.port=9092 + sonar.search.port=9001 + sonar.search.javaOpts=-Xmx512m -Xms512m -XX:+HeapDumpOnOutOfMemoryError + sonar.web.javaOpts=-Xmx512m -Xms512m -XX:+HeapDumpOnOutOfMemoryError +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sonar + namespace: default + labels: + app: sonar +spec: + replicas: 1 + selector: + matchLabels: + app: sonar + template: + metadata: + labels: + app: sonar + spec: + securityContext: + fsGroup: 1000 + runAsUser: 1000 + runAsGroup: 1000 + initContainers: + - name: fix-permissions + image: registry.t-aaron.com/busybox:1.36 + command: ["sh","-c"] + args: + - chown -R 1000:1000 /opt/sonarqube/data /opt/sonarqube/logs /opt/sonarqube/extensions || true; + volumeMounts: + - name: sonar-data + mountPath: /opt/sonarqube/data + - name: sonar-logs + mountPath: /opt/sonarqube/logs + - name: sonar-extensions + mountPath: /opt/sonarqube/extensions + containers: + - name: sonar + image: registry.t-aaron.com/sonarqube:9.9-community + ports: + - containerPort: 9000 + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + env: + - name: SONAR_ES_BOOTSTRAP_CHECKS_DISABLE + value: "true" + - name: SONAR_JDBC_URL + value: "jdbc:h2:tcp://localhost:9092/sonar" + - name: SONAR_JDBC_USERNAME + value: "sonar" + - name: SONAR_JDBC_PASSWORD + value: "sonar" + resources: + requests: + memory: "1Gi" + cpu: "300m" + limits: + memory: "2Gi" + cpu: "800m" + volumeMounts: + - name: sonar-data + mountPath: /opt/sonarqube/data + - name: sonar-logs + mountPath: /opt/sonarqube/logs + - name: sonar-extensions + mountPath: /opt/sonarqube/extensions + - name: sonar-conf + mountPath: /opt/sonarqube/conf/sonar.properties + subPath: sonar.properties + livenessProbe: + httpGet: + path: /sonar/api/system/status + port: 9000 + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 10 + readinessProbe: + httpGet: + path: /sonar/api/system/status + port: 9000 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + volumes: + - name: sonar-data + persistentVolumeClaim: + claimName: sonar-pvc + - name: sonar-logs + emptyDir: {} + - name: sonar-extensions + emptyDir: {} + - name: sonar-conf + configMap: + name: sonar-config +--- +apiVersion: v1 +kind: Service +metadata: + name: sonar-service + namespace: default + labels: + app: sonar +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + name: http + selector: + app: sonar diff --git a/sonar/sonar-ingress.yaml b/sonar/sonar-ingress.yaml new file mode 100644 index 0000000..69adef6 --- /dev/null +++ b/sonar/sonar-ingress.yaml @@ -0,0 +1,26 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: sonar-ingress + namespace: default + annotations: + traefik.ingress.kubernetes.io/router.entrypoints: web,websecure + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + tls: + - hosts: + - sonar-ops.t-aaron.com + secretName: tls + rules: + - host: sonar-ops.t-aaron.com + http: + paths: + - path: /sonar + pathType: Prefix + backend: + service: + name: sonar-service + port: + number: 9000 + +