# SonarQube 使用 devops 命名空间 --- apiVersion: v1 kind: PersistentVolume metadata: name: sonar-pv spec: capacity: storage: 10Gi accessModes: - ReadWriteOnce storageClassName: local-storage persistentVolumeReclaimPolicy: Retain hostPath: path: /opt/sonar type: DirectoryOrCreate nodeAffinity: required: nodeSelectorTerms: - matchExpressions: - key: node-role.kubernetes.io/control-plane operator: Exists --- apiVersion: v1 kind: PersistentVolumeClaim metadata: name: sonar-pvc namespace: default spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Gi storageClassName: local-storage volumeName: sonar-pv --- apiVersion: v1 kind: ConfigMap metadata: name: sonar-config namespace: default data: sonar.properties: | sonar.web.host=0.0.0.0 sonar.web.port=9000 sonar.web.context=/sonar sonar.jdbc.url=jdbc:h2:tcp://localhost:9092/sonar sonar.jdbc.driverClassName=org.h2.Driver sonar.jdbc.username=sonar sonar.jdbc.password=sonar sonar.embeddedDatabase.port=9092 sonar.search.port=9001 sonar.search.javaOpts=-Xmx512m -Xms512m -XX:+HeapDumpOnOutOfMemoryError sonar.web.javaOpts=-Xmx512m -Xms512m -XX:+HeapDumpOnOutOfMemoryError # 使用内置搜索引擎,禁用 Elasticsearch #sonar.search.type=embedded #sonar.embeddedDatabase.dataDir=/opt/sonarqube/data #sonar.embeddedDatabase.tempDir=/opt/sonarqube/temp # 禁用更新中心连接,避免网络超时 #sonar.updatecenter.activate=false #sonar.telemetry.enable=false --- apiVersion: apps/v1 kind: Deployment metadata: name: sonar namespace: default labels: app: sonar spec: replicas: 1 selector: matchLabels: app: sonar template: metadata: labels: app: sonar spec: securityContext: fsGroup: 1000 runAsUser: 1000 runAsGroup: 1000 initContainers: - name: fix-permissions image: registry.t-aaron.com/busybox:1.36 command: ["sh","-c"] args: - chown -R 1000:1000 /opt/sonarqube/data /opt/sonarqube/logs /opt/sonarqube/extensions || true; volumeMounts: - name: sonar-data mountPath: /opt/sonarqube/data - name: sonar-logs mountPath: /opt/sonarqube/logs - name: sonar-extensions mountPath: /opt/sonarqube/extensions containers: - name: sonar image: registry.t-aaron.com/sonarqube:9.9-community ports: - containerPort: 9000 securityContext: runAsUser: 1000 runAsGroup: 1000 env: - name: SONAR_ES_BOOTSTRAP_CHECKS_DISABLE value: "true" - name: SONAR_JDBC_URL value: "jdbc:h2:tcp://localhost:9092/sonar" - name: SONAR_JDBC_USERNAME value: "sonar" - name: SONAR_JDBC_PASSWORD value: "sonar" resources: requests: memory: "1Gi" cpu: "300m" limits: memory: "2Gi" cpu: "800m" volumeMounts: - name: sonar-data mountPath: /opt/sonarqube/data - name: sonar-logs mountPath: /opt/sonarqube/logs - name: sonar-extensions mountPath: /opt/sonarqube/extensions - name: sonar-conf mountPath: /opt/sonarqube/conf/sonar.properties subPath: sonar.properties livenessProbe: httpGet: path: /sonar/api/system/status port: 9000 initialDelaySeconds: 60 periodSeconds: 30 timeoutSeconds: 10 readinessProbe: httpGet: path: /sonar/api/system/status port: 9000 initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 volumes: - name: sonar-data persistentVolumeClaim: claimName: sonar-pvc - name: sonar-logs emptyDir: {} - name: sonar-extensions emptyDir: {} - name: sonar-conf configMap: name: sonar-config --- apiVersion: v1 kind: Service metadata: name: sonar-service namespace: default labels: app: sonar spec: type: ClusterIP ports: - port: 9000 targetPort: 9000 protocol: TCP name: http selector: app: sonar