k8s部署sonarqube
SonarQube需要依赖数据库存储数据,且SonarQube7.9及其以后版本将不再支持Mysql,官网有推荐的几种数据库,我这块选择使用PostgreSQL作为SonarQube的数据库。
1、部署PGSql
由于我们有现成的pg库,是在阿里云上,这里就直接使用了。
首先在原有的pg实例上创建一个sonarqube的库"sonarDB",然后设置账号和密码。
2、部署SonarQube
deplyment.yaml
镜像仓库使用官方的最新版镜像
apiVersion: apps/v1
kind: Deployment
metadata:name: sonarqubelabels:app: sonarqube
spec:replicas: 1selector:matchLabels:app: sonarqubetemplate:metadata:labels:app: sonarqubespec:containers:- name: sonarqubeimage: sonarqube:9.9.0-communityimagePullPolicy: IfNotPresentresources:limits:cpu: 2000mmemory: 2048Mirequests:cpu: 500mmemory: 500Miports:- containerPort: 9000env:- name: SONARQUBE_JDBC_USERNAMEvalue: "sonarqube"- name: SONARQUBE_JDBC_PASSWORDvalue: "123456"- name: SONARQUBE_JDBC_URLvalue: "jdbc:postgresql://xxxx-xxxxx.pg.rds.aliyuncs.com:1921/sonarDB"livenessProbe:httpGet:path: /sessions/newport: 9000initialDelaySeconds: 60periodSeconds: 30readinessProbe:httpGet:path: /sessions/newport: 9000initialDelaySeconds: 60periodSeconds: 30failureThreshold: 6volumeMounts:- mountPath: /opt/sonarqube/confname: datasubPath: conf- mountPath: /opt/sonarqube/dataname: datasubPath: data- mountPath: /opt/sonarqube/extensionsname: datasubPath: extensionsvolumes:- name: datapersistentVolumeClaim:claimName: sonarqube-data
service.yaml
apiVersion: v1
kind: Service
metadata:name: sonarqubelabels:app: sonarqube
spec:type: ClusterIPports:- name: sonarqubeport: 9000targetPort: 9000protocol: TCPselector:app: sonarqube
这里使用的是storageclass来构建pv和pvc,基于nfs来存储数据的,所以还需要创建nfs-provisioner和nfs-provisione的serviceaccount
storageclass.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: sonarqube-dataannotations:volume.beta.kubernetes.io/storage-class: "course-nfs-storage"
spec:accessModes:- ReadWriteManyresources:requests:storage: 500Mi
[root@wdcloud sonarqube]# ls
nfs-client-sa.yaml nfs-client.yaml pvc.yaml service.yaml sonarqube-deployment.yaml storageclass.yaml
storageclass.yaml
[root@wdcloud sonarqube]# cat storageclass.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:name: course-nfs-storage
provisioner: fuseim.pri/ifs
allowVolumeExpansion: true
nfs-client-sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:name: nfs-client-provisioner---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: nfs-client-provisioner-runner
rules:- apiGroups: [""]resources: ["persistentvolumes"]verbs: ["get", "list", "watch", "create", "delete"]- apiGroups: [""]resources: ["persistentvolumeclaims"]verbs: ["get", "list", "watch", "update"]- apiGroups: ["storage.k8s.io"]resources: ["storageclasses"]verbs: ["get", "list", "watch"]- apiGroups: [""]resources: ["events"]verbs: ["list", "watch", "create", "update", "patch"]- apiGroups: [""]resources: ["endpoints"]verbs: ["create", "delete", "get", "list", "watch", "patch", "update"]---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:name: run-nfs-client-provisioner
subjects:- kind: ServiceAccountname: nfs-client-provisionernamespace: devops
roleRef:kind: ClusterRolename: nfs-client-provisioner-runnerapiGroup: rbac.authorization.k8s.io
nfs-client-provisioner.yaml
kind: Deployment
apiVersion: apps/v1
metadata:name: nfs-client-provisioner
spec:replicas: 1selector:matchLabels:app: nfs-client-provisionerstrategy:type: Recreatetemplate:metadata:labels:app: nfs-client-provisionerspec:serviceAccountName: nfs-client-provisionercontainers:- name: nfs-client-provisionerimage: quay.io/external_storage/nfs-client-provisioner:latestvolumeMounts:- name: nfs-client-rootmountPath: /persistentvolumesenv:- name: PROVISIONER_NAMEvalue: fuseim.pri/ifs- name: NFS_SERVERvalue: xx.xx.xx.xx- name: NFS_PATHvalue: /data/storage/sonarqubevolumes:- name: nfs-client-rootnfs:server: xx.xx.xx.xxpath: /data/storage/sonarqube
pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: sonarqube-dataannotations:volume.beta.kubernetes.io/storage-class: "course-nfs-storage"
spec:accessModes:- ReadWriteManyresources:requests:storage: 500Mi
部署完成后,可以通过serviceIP进行访问,账号和密码都是admin,有需要配置域名访问的,需要自己单独配置。
