Persistent Volume

SonarQube will be making two PersistentVolumeClaims, one for SonarQube and one for the Postgres database. A PersistentVolume will be needed for each. Since this is all temporary in Katacoda, a hostPath based PersistentVolume is created for both.

mkdir -p /mnt/data/postgres && kubectl create -f pv-postgres.yaml

mkdir -p /mnt/data/sonarqube && kubectl create -f pv-sonarqube.yaml

Install

Create a namespace for the installation target.

kubectl create namespace sonarqube

Using Helm, install the SonarQube Helm chart with a few custom values.

helm install sonar stable/sonarqube --namespace sonarqube --values sonarqube-values.yaml

This chart bootstraps a SonarQube instance along with a PostgreSQL database. SonarQube also loads several plugins defined in the Helm chart configuration. To get a complete status of the deployment availability run this inspection.

watch kubectl get deployments,pods,services --namespace sonarqube

Once complete, the Pods will move to the running state. The deployment.extensions/sonar-sonarqube deployment may take 2-3 minutes before it reports `Available'. The behavior of the plugins can effect the startup time. All the Deployments will eventually move to the Available (1) state. Use this clear to break out of the watch or press Ctrl+C.

The SonarQube service is exposed as a NodePort but at a random value. This chart does not allow the NodePort value to be assigned. For Katacode to offer a URL to the service, the NodePort must adjusted to a known number, 31111. A workaround is to apply a patch to the port value.

kubectl patch service sonar-sonarqube -n sonarqube --type='json' --patch='[{"op": "replace", "path": "/spec/ports/0/nodePort", "value":31111}]'

View the SonarQube dashboard here: SonarQube Dashboard.

You can login as admin / admin and view the pre-installed select plugins.

Notice the dashboard reports the number of analyzed projects is zero. With SonarQube running it's now ready to analyze a project.

Example Project

Clone an example Java project.

git clone https://github.com/javajon/code-analysis

This project includes a microservice directory that contains a small Spring Boot application built with Gradle. Go into the application source root directory.

cd code-analysis/microservice

Analysis

Analyze this microservices project using SonarQube as the rule engine and dashboard where the results are published.

Get your SonarQube engine location.

SONAR_SERVICE=https://[[HOST_SUBDOMAIN]]-31111-[[KATACODA_HOST]].environments.katacoda.com

Run the analysis.

./gradlew -Dsonar.host.url=$SONAR_SERVICE sonarqube

The analysis will take about 1-2 minutes. Once complete, navigate to the SonarQube portal and observe the analyzed project. The portal can be reach from the tab labeled SonarQube Portal above this command line or from this link: https://[[HOST_SUBDOMAIN]]-31111-[[KATACODA_HOST]].environments.katacoda.com/.

SonarQube is not limited to just Java. It offers code analysis of these 25+ languages:

ABAP · Apex · C/C++ · C# · CSS · COBOL · Flex · Go · HTML · Java · JavaScript · Kotlin · Objective-C · PL/SQL · PL/I · PHP · Python · RPG · Ruby · Scala · Swift · T-SQL · TypeScript · VB.NET · VB6 · XML

More language and features are discussed in the community forum and roadmap.

Along with the growing language support is a rich ecosystem of 70+ plugins driven by the SonarSource community.

SonarQube and its community of plugins teaches all of us to become better engineers. Consider contributing to these open source efforts or join the SonarSource team.