Integrate SonarQube into Pipelines

SonarQube is a popular continuous inspection tool for code quality. You can use it for static and dynamic analysis of a codebase. After it is integrated into pipelines in KubeSphere, you can view common code issues such as bugs and vulnerabilities directly on the dashboard as SonarQube detects issues in a running pipeline.

This tutorial demonstrates how you can integrate SonarQube into pipelines. Refer to the following steps first before you create a pipeline using a Jenkinsfile.

Prerequisites

You need to enable KubeSphere DevOps System.

Install SonarQube Server

  1. Execute the following command to install SonarQube Server if it is not ready:

    helm upgrade --install sonarqube sonarqube --repo https://charts.kubesphere.io/main -n kubesphere-devops-system  --create-namespace --set service.type=NodePort
    
  2. You will get this prompt:

    sonarqube-install

Get Address of SonarQube Console

  1. Execute the following command to get SonarQube NodePort.

    export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services sonarqube-sonarqube)
    export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
    echo http://$NODE_IP:$NODE_PORT
    
  2. You can get the output as below (31434 is the port number in this example, which may be different from yours):

    http://192.168.0.4:31434
    

Configure SonarQube Server

Step 1: Access SonarQube Console

  1. Execute the following command to view the status of SonarQube. Note that the SonarQube console is not accessible until SonarQube is up and running.

    $ kubectl get pod -n kubesphere-devops-system
    NAME                                       READY   STATUS    RESTARTS   AGE
    ks-jenkins-68b8949bb-7zwg4                 1/1     Running   0          84m
    s2ioperator-0                              1/1     Running   1          84m
    sonarqube-postgresql-0                     1/1     Running   0          5m31s
    sonarqube-sonarqube-bb595d88b-97594        1/1     Running   2          5m31s
    uc-jenkins-update-center-8c898f44f-m8dz2   1/1     Running   0          85m
    
  2. Access the SonarQube console http://{$Node IP}:{$NodePort} in your browser and you can see its homepage as below:

    access-sonarqube-console

  3. Click Log in in the top right corner and use the default account admin/admin.

    Note

    You may need to set up necessary port forwarding rules and open the port to access SonarQube in your security groups depending on where your instances are deployed.

Step 2: Create SonarQube Admin Token

  1. Click the letter A and select My Account from the menu to go to the Profile page.

  2. Click Security and input a token name, such as kubesphere.

  3. Click Generate and copy the token.

    Warning

    Make sure you copy the token now: as the prompt shows, you won’t be able to see it again.
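
The script below is an added example, not part of the original tutorial: it confirms that the server reports UP, that the default admin/admin login from Step 1 is no longer accepted, and that the token from Step 2 works. It assumes curl and the SonarQube Web API paths api/system/status and api/authentication/validate; the function names and the plain-HTTP warning are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial). Helper names are made up for illustration.
# GET a SonarQube Web API path. $1 = base URL, $2 = API path, $3 = optional "user:password".
sonar_get() {
    if [ -n "${3:-}" ]; then
        curl -fsS --max-time 10 -u "$3" "$1/$2"
    else
        curl -fsS --max-time 10 "$1/$2"
    fi
}

# Print the "status" value from an api/system/status body (UP once the server is ready).
status_of() {
    printf '%s' "$1" | sed -n 's/.*"status"[[:space:]]*:[[:space:]]*"\([A-Z_]*\)".*/\1/p'
}

# Succeed only if an api/authentication/validate body reports {"valid":true}.
is_valid() {
    printf '%s' "$1" | grep -Eq '"valid"[[:space:]]*:[[:space:]]*true'
}

# $1 = base URL, $2 = token. Prints findings; the return code is the number of findings.
audit_sonarqube() {
    base=$1; token=$2; findings=0
    case $base in
        https://*) ;;
        *) echo "WARN: $base is plain HTTP, so passwords and tokens are sent unencrypted"
           findings=$((findings + 1)) ;;
    esac
    body=$(sonar_get "$base" api/system/status) || body=
    if [ "$(status_of "$body")" != "UP" ]; then
        echo "FAIL: SonarQube does not report status UP"; findings=$((findings + 1))
    fi
    body=$(sonar_get "$base" api/authentication/validate admin:admin) || body=
    if is_valid "$body"; then
        echo "FAIL: the default admin/admin login is still accepted"; findings=$((findings + 1))
    fi
    # A token is sent as the basic-auth user name with an empty password.
    body=$(sonar_get "$base" api/authentication/validate "$token:") || body=
    if ! is_valid "$body"; then
        echo "FAIL: the token was not accepted"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Runs only when SONAR_URL is set, e.g.:
#   SONAR_URL=http://192.168.0.4:31434 SONAR_TOKEN=<your token> sh sonar-check.sh
if [ -n "${SONAR_URL:-}" ]; then
    audit_sonarqube "$SONAR_URL" "${SONAR_TOKEN:-}"
fi
```

A return code of 0 means no findings; each WARN or FAIL line adds one to the return code.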

Step 3: Create a Webhook Server

  1. Execute the following command to get the address of SonarQube Webhook.

    export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services ks-jenkins)
    export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
    echo http://$NODE_IP:$NODE_PORT/sonarqube-webhook/
    
  2. Expected output:

    http://192.168.0.4:30180/sonarqube-webhook/
    
  3. Click Administration, Configuration and Webhooks in turn to create a webhook.

  4. Click Create.

  5. Input Name and Jenkins Console URL (i.e. the SonarQube Webhook address) in the dialogue that appears. Click Create to finish.

Step 4: Add SonarQube Configuration to ks-installer

  1. Execute the following command to edit ks-installer.

    kubectl edit cc -n kubesphere-system ks-installer
    
  2. Navigate to devops. Add the field sonarqube and specify externalSonarUrl and externalSonarToken under it.

    devops:
      enabled: true
      jenkinsJavaOpts_MaxRAM: 2g
      jenkinsJavaOpts_Xms: 512m
      jenkinsJavaOpts_Xmx: 512m
      jenkinsMemoryLim: 2Gi
      jenkinsMemoryReq: 1500Mi
      jenkinsVolumeSize: 8Gi
      sonarqube: # Add this field manually.
        externalSonarUrl: http://192.168.0.4:31434 # The SonarQube console address obtained above.
        externalSonarToken: f75dc3be11fd3d58debfd4e445e3de844683ad93 # The SonarQube admin token created above.
    
  3. Save the file after you finish.

Step 5: Add SonarQube Server to Jenkins

  1. Execute the following command to get the address of Jenkins.

    export NODE_PORT=$(kubectl get --namespace kubesphere-devops-system -o jsonpath="{.spec.ports[0].nodePort}" services ks-jenkins)
    export NODE_IP=$(kubectl get nodes --namespace kubesphere-devops-system -o jsonpath="{.items[0].status.addresses[0].address}")
    echo http://$NODE_IP:$NODE_PORT
    
  2. You can get the output as below, which tells you the port number of Jenkins.

    http://192.168.0.4:30180
    
  3. Access Jenkins with the address http://Public IP:30180. When KubeSphere is installed, the Jenkins dashboard is also installed by default. Besides, Jenkins is configured with KubeSphere LDAP, which means you can log in to Jenkins with KubeSphere accounts (e.g. the admin account) directly. For more information about configuring Jenkins, see Jenkins System Settings.

    Note

    You may need to set up necessary port forwarding rules and open the port 30180 to access Jenkins in your security groups depending on where your instances are deployed.

  4. Click Manage Jenkins on the left.

  5. Scroll down to Configure System and click it.

  6. Navigate to SonarQube servers and click Add SonarQube.

  7. Input Name, Server URL (http://Node IP:port) and Server authentication token (the SonarQube admin token). Click Apply to finish.

Step 6: Add sonarqubeURL to KubeSphere Console

You need to specify sonarqubeURL so that you can access SonarQube directly from the KubeSphere console.

  1. Execute the following command:

    kubectl edit  cm -n kubesphere-system  ks-console-config
    
  2. Navigate to client and add the field devops with sonarqubeURL specified.

    client:
      version:
        kubesphere: v3.0.0
        kubernetes: v1.17.9
        openpitrix: v0.3.5
      enableKubeConfig: true
      devops: # Add this field manually.
        sonarqubeURL: http://192.168.0.4:31434 # The SonarQube console address obtained above.
    
  3. Save the file.

Step 7: Restart Services to Make All Effective

Execute the following commands.

    kubectl -n kubesphere-system rollout restart deploy ks-apiserver
    kubectl -n kubesphere-system rollout restart deploy ks-console

Create SonarQube Token for New Project

You need a SonarQube token so that your pipeline can communicate with SonarQube as it runs.

  1. On the SonarQube console, click Create new project.

  2. Enter a project key, such as java-demo, and click Set Up.

  3. Enter a project name, such as java-sample, and click Generate.

  4. After the token is created, click Continue.

  5. Choose Java and Maven respectively. Copy the serial number within the green box in the image below, which needs to be added in the Credentials section if it is to be used in pipelines.

    sonarqube-example

View Results on KubeSphere Console

After you create a pipeline using the graphical editing panel or create a pipeline using a Jenkinsfile, you can view the result of code quality analysis. For example, you may see an image as below if SonarQube runs successfully.

sonarqube-view-result