Introduction

SonarQube is an open source platform used to measure and analyze source code quality. It comes in 4 different flavors (Community [free], Developer, Enterprise and Data Center); more info can be found here:

https://www.sonarqube.org/

I want to share a few pointers on how to get it up and running on a Kubernetes [K8S] cluster. It is worth noting that K8S is not officially supported by Sonar [yet].

The setup [Infra as code]

The combination of Terraform and Helm [provider] allows us to deliver, manage, improve and optimize infrastructure. There is already an upstream Helm repo for SonarQube that can be used:

https://github.com/Oteemo/charts/tree/master/charts/sonarqube

In the configuration section (above link), you can find the default values of all parameters used. I will touch upon a few critical ones that played a critical role in getting a stable Sonar on K8S.

Note 1: I needed the Developer Edition (MR/branches supported)!

Note 2: HA is only supported in the Enterprise Edition!

| Parameter | Description | Value I used (not default) |
| --- | --- | --- |
| image.tag | sonarqube image tag. | 8.4.2-Developer |
| persistence.enabled | enables persistent storage | True (False*) |
| sonarProperties | Custom sonar.properties file | sonar.web.systemPasscode**: ${health_api_pwd} |
| | | sonar.web.javaOpts***: -Xmx1024m -Xms256m |
| | | sonar.ce.javaOpts***: -Xmx1024m -Xms256m |
| | | sonar.search.javaOpts***: -Xmx1536m -Xms1536m |
| jvmOpts | Values to add to SONARQUBE_WEB_JVM_OPTS | “-Dnetworkaddress.cache.ttls****=30” |
| postgresql.enabled | Set to false to use external server | False* |

    resources:
      limits:
        cpu: 2000m
        memory: 6144Mi
      requests:
        cpu: 2000m
        memory: 4096Mi

* If you want replicas > 1, you will need to set both parameters to “False”. This will buy you 2 things: an external server (DB) as well as ephemeral storage (most of the config goes to the DB). Moreover, you want to make sure replicas are scheduled on different K8S nodes, and you will also need the following annotations on your ingress/nginx.

nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/affinity-mode: balanced

All requests from a given client will hit the same pod. If the pod is deleted, the session is lost. [In this configuration, pods run stand-alone and NOT as a cluster.]

In my case, I have been running with a single replica (for true HA, you will need the Enterprise Edition).

** Set this if you want to monitor Sonar’s health endpoint without exposing critical credentials.

*** This is twice the heap of the default and works for me. You will need to tune it. Based on that, I adjusted the K8S/pod resources as shown above.

**** Public cloud providers change the public IP assigned to load balancers rather often. Therefore, if you do not set this property, Sonar won’t be able to validate the host after the public IP changes (and a restart will be required).
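
As an added example (not part of the original post or the chart's own code), the following Python check applies the constraints from the notes above to a values set before deployment: the multi-replica requirements from the first note, and, as a generalization of the heap note, that the combined -Xmx settings fit under the pod memory limit. The key names replicaCount and ingress.annotations, the function names and the sample dictionary are assumptions made for the example.

```python
import re

# Constructed sample mirroring the table above; replicaCount and
# ingress.annotations are assumed key names, not taken from the page.
SAMPLE_VALUES = {
    "replicaCount": 1,
    "persistence": {"enabled": True},
    "postgresql": {"enabled": False},
    "sonarProperties": {
        "sonar.web.javaOpts": "-Xmx1024m -Xms256m",
        "sonar.ce.javaOpts": "-Xmx1024m -Xms256m",
        "sonar.search.javaOpts": "-Xmx1536m -Xms1536m",
    },
    "resources": {"limits": {"cpu": "2000m", "memory": "6144Mi"}},
    "ingress": {"annotations": {}},
}
AFFINITY = {
    "nginx.ingress.kubernetes.io/affinity": "cookie",
    "nginx.ingress.kubernetes.io/affinity-mode": "balanced",
}
UNITS = {"k": 1 / 1024, "m": 1, "g": 1024}

def max_heap_mib(java_opts):
    """Return the -Xmx value in MiB, or 0 if the option is absent."""
    m = re.search(r"-Xmx(\d+)([kmg])", java_opts, re.IGNORECASE)
    return int(m.group(1)) * UNITS[m.group(2).lower()] if m else 0

def check_values(values):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if values.get("replicaCount", 1) > 1:
        for key in ("persistence", "postgresql"):
            # A missing key counts as "not explicitly disabled".
            if values.get(key, {}).get("enabled", True):
                findings.append(f"{key}.enabled must be false when replicas > 1")
        annotations = values.get("ingress", {}).get("annotations", {})
        for name, want in AFFINITY.items():
            if annotations.get(name) != want:
                findings.append(f"ingress annotation {name} must be {want}")
    # Heap is only part of JVM memory, so this bound is necessary, not sufficient.
    props = values.get("sonarProperties", {})
    heap = sum(max_heap_mib(v) for k, v in props.items() if k.endswith(".javaOpts"))
    limit = values.get("resources", {}).get("limits", {}).get("memory", "")
    m = re.fullmatch(r"(\d+)(Mi|Gi)", limit)
    limit_mib = int(m.group(1)) * (1024 if m.group(2) == "Gi" else 1) if m else None
    if limit_mib is not None and heap > limit_mib:
        findings.append(f"heap total {heap:g} MiB exceeds memory limit {limit_mib} MiB")
    return findings
```

With the values from the table (single replica, 3584 MiB of combined heap against a 6144Mi limit) the check returns no findings.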

This does NOT cover all the Helm parameters that are needed, though it definitely covers the most critical ones. Good luck.

Should you have questions/comments, please hit me up.

BTW: the same guidelines can be used for Community (or other flavors); just make sure you pass the right image tag (see above).
