Running SonarQube in IBM Kubernetes Service (IKS) on IBM Cloud

Introduction

SonarQube empowers all developers to write cleaner and safer code. Catch bugs and vulnerabilities in your app, with thousands of automated Static Code Analysis rules. This will only make sure your code is as per the industry standards and you can rest assured there is comprehensive testing done with this.

This article enables you to quickly setup a community version of SonarQube in IBM Kubernetes service (IKS) on IBM Cloud. In this tutorial, you learn:

1. Provisioning of a Kubernetes cluster in IBM Cloud and installing the required tools
2. Installing SonarQube
3. Launching the SonarQube dashboard

Prerequistes

1. An IBM Cloud account
2. Local machine with any OS ( I am using mac in this setup)

Deployment Setup

IBM Cloud UI

Log in to IBM Cloud ( https://cloud.ibm.com ). Go to Catalog, under services you can find Kubernetes service.

In this demo, I have used the Kubernetes 1.16.14 (Stable) version in a classic infrastructure in a single zone region. Once you choose the version, select Geography ( Asia Pacific), Availability (Single Zone), Worker Zone (Chennai 01) 

The worker node size used in this setup was 4 vCPUs and 16  GB Memory with 1 worker node per zone.

The master service endpoint is set to Public endpoint only.

Choose the cluster name wisely, you can leave it default but recommend to use something of your choice.

Create the cluster. Until the cluster setup is up, log in to the Ubuntu Machine.

Download the necessary tools for IBM Cloud.

curl -sL https://ibm.biz/idt-installer | bash

Login in to your IBM Cloud Account, the region, and resource group might change based on your selection.

xxxxxxxxxx

ibmcloud login -a cloud.ibm.com -r jp-tok -g default

Set the Kubernetes context to your cluster for this terminal session.

xxxxxxxxxx

ibmcloud ks cluster config --cluster "YOUR CLUSTER ID"

Verify that you can connect to your cluster.

xxxxxxxxxx

kubectl config current-context

Note: In case you forget your cluster setting, you can retrieve this information by visiting https://cloud.ibm.com/kubernetes/clusters and clicking Access under your cluster.

To verify your setting, run the following code.

xxxxxxxxxx

kubectl version --short

The following should be your output(depends on the version you are using).

xxxxxxxxxx

Client Version: v1.17.11

Server Version: v1.16.14+IKS

xxxxxxxxxx

ibmcloud cr login

The output should be as following, again depends on the region where you are using the container registry

xxxxxxxxxx

Logging in to 'registry.ng.bluemix.net'...

Logged in to 'registry.ng.bluemix.net'.

Logging in to 'us.icr.io'...

Logged in to 'us.icr.io'.

OK

Find your container registry namespace by running the following command

xxxxxxxxxx

ibmcloud cr namespaces

The output might be as follows :

x

Listing namespaces for account 'Deepak Rai's Account' in registry 'us.icr.io'...

Namespace   

abc    

drname 

mfpbff   

my_names

OK

If you don’t have any, create one by using following command. Its always nice to maintain the image in a different namespace

xxxxxxxxxx

 ibmcloud cr namespace-add <name>

In my case, I added a new namespace sqube.

xxxxxxxxxx

ibmcloud cr namespace-add sqube

The output should be as follows:

xxxxxxxxxx

Adding namespace 'sqube'...

Successfully added namespace 'sqube'

OK

Identify your Container Registry by running the following command

xxxxxxxxxx

ibmcloud cr info

The output will be as following:

xxxxxxxxxx

Container Registry                us.icr.io   

Container Registry API endpoint   https://us.icr.io/api   

IBM Cloud API endpoint            https://cloud.ibm.com   

IBM Cloud account details         Deepak Rai Account

IBM Cloud organization details     ()   

OK

Using the docker tag create a target image in the IBM Cloud container registry from the source docker registry. In this demo, I have used sonarqube:7.9.4-community edition. For more details about the version and other tags please refer :https://hub.docker.com/_/sonarqube?tab=tags

x

docker tag sonarqube:7.9.4-community  <REGISTRY>/<NAMESPACE>/<APPNAME>

In my case I used:

x

docker tag sonarqube:7.9.4-community  us.icr.io/sqube/sq:v7.9.4

Push the Docker image to your Container Registry on IBM Cloud

xxxxxxxxxx

docker push us.icr.io/sqube/sq:v7.9.4

The output should be as follows:

x

The push refers to repository [us.icr.io/sqube/sq]

d0f6eff5ea67: Pushed 

da6ef9551a7e: Pushed 

05b6b12d86c7: Pushed 

51c2f5ed4a22: Pushed 

36d4dcc9c91b: Pushed 

9dabcc3f61c5: Pushed 

4248c87e7f37: Pushed 

eb27fd2b2495: Pushed 

07cab4339852: Pushed 

v7.9.4: digest: sha256:xxxxxxxxxxxxxx size: 2206

Verify that the image was pushed successfully by running the following command.

xxxxxxxxxx

ibmcloud cr image-list

The output should be as follows:

x

Listing images...

Repository         Tag    Digest    Namespace Created      Size Security status   

us.icr.io/sqube/sq v7.9.4 1774vf    sqube     13 hours ago 287 MB   No Issues

OK

As you can observe, IBM Cloud container registry does one level of security scanning for you and lists all the issues. In this case there was no issues with the image. Incase you see any issues, you can login to IBM Cloud, go to registry section to understand the issues in details https://cloud.ibm.com/kubernetes/registry/main/start

Deploy Your Containerized SonarQube Application

Once you have a running Kubernetes cluster, you can deploy your containerized application on top of it. To do so, you create a Kubernetes Deployment configuration. The Deployment instructs Kubernetes on how to create and update instances of your application. Once you create a Deployment, the Kubernetes master schedules the mentioned application instances onto individual Nodes in the cluster. A Kubernetes Deployment Controller continuously monitors those instances that were created

To create a deployment, you will create a  deployment file. In this case, I have created deployment.yaml

xxxxxxxxxx

vi deployment.yaml

The YAML file consists of the following:

xxxxxxxxxx

apiVersion: apps/v1

kind: Deployment

metadata:

 name: sonarqube

 labels:

   app: sonarqube

spec:

 replicas: 1

 selector:

   matchLabels:

     app: sonarqube

 template:

   metadata:

     labels:

       app: sonarqube

   spec:

     containers:

     - name: sonarqube

       image: us.icr.io/sqube/sq:v7.9.4

Create a deployment by using the following command

xxxxxxxxxx

kubectl create -f deployment.yaml

 The output will be as follows:

xxxxxxxxxx

deployment.apps/sonarqube created

By default, the pod is only accessible by its internal IP within the cluster. Create a Kubernetes Service object that external clients can use to access an application running in a cluster. In this case, I have exposed this as a service with type LoadBalancer

xxxxxxxxxx

kubectl expose deployment.apps/sonarqube --type=LoadBalancer --port=80 --target-port=9000  

Output will be as follows:

xxxxxxxxxx

service/sonarqube exposed

Access the SonarQube Application

To verify that your application is running successfully, you need to check the STATUS of your pod. It should be in a state of Running:

xxxxxxxxxx

kubectl get pods -l app=sonarqube

Output should be as follows:

x

NAME                        READY   STATUS    RESTARTS   AGE

sonarqube-7743554c7-chvgh   1/1     Running   0          10s

To identify the public IP, run the following command:

xxxxxxxxxx

kubectl get svc -l app=sonarqube

Output should be as follows :

xxxxxxxxxx

NAME        TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)        AGE

sonarqube   LoadBalancer   172.21.108.13   169.59.239.67   80:30634/TCP   12h

To access the application, you can go to your browser and type http://EXTERNAL-IP:NODEPORT

In this case http://169.59.239.67:30634/

That's all folks. 

Deletion if Needed

Incase you want to delete the entire application. Run the following command

xxxxxxxxxx

kubectl delete deployment,service -l app=sonarqube

Hope you liked this article, in the next one I would write about how this can be configured in the IBM Cloud CI/CD pipeline (Toolchains) to automate the testing for your application.

Cheers!!!