Deploy SonarQube to Azure Kubernetes Service cluster and integrate with Azure DevOps build pipeline

This is the next part of the series on developing and deploying

  • Angular, ASP.NET Core Web API and SQL Server to Azure Kubernetes Service
  • Function Apps using Azure Functions 2.0 runtime

In this article, I am going to share steps needed to deploy SonarQube to Azure Kubernetes Service cluster and integrate with Azure DevOps pipeline to setup code analysis for Angular and ASP.NET Core web apps created in previous parts of this series. The previous articles of this series are

https://blogs.msdn.microsoft.com/atverma/2018/09/16/azure-kubernetes-service-aks-deploying-angular-asp-net-core-and-sql-server-on-linux/

https://blogs.msdn.microsoft.com/atverma/2018/10/19/asp-net-core-2-1-web-api-load-app-configuration-from-appsettings-json-dockerfile-environment-variables-azure-key-vault-secrets-and-kubernetes-configmaps-secrets/

https://blogs.msdn.microsoft.com/atverma/2018/09/26/azure-functions-2-0-create-debug-and-deploy-to-azure-kubernetes-service-aks/

https://blogs.msdn.microsoft.com/atverma/2018/10/29/azure-functions-2-0-create-function-app-from-docker-image-functions-triggered-by-cosmos-db-blob-storage-event-hub-and-signalr-service-bindings

https://blogs.msdn.microsoft.com/atverma/2018/11/02/add-real-time-web-functionality-to-angular-application-using-asp-net-core-signalr-azure-signalr-service-and-azure-signalr-service-bindings-for-azure-functions-2-0/

The tools used to develop these components are Visual Studio for Mac/VS Code/VS 2017, AKS Dashboard, Docker for Desktop and kubectl. 

SonarQube

SonarQube provides the capability to not only show health of an application but also to highlight issues newly introduced. I am going to configure SQL Server as backend database for SonarQube.

Create a SQL Server Database

Create a SQL Server database named 'SonarDB' in the existing SQL server instance I had created during the first part of this series. SonarQube requires that database collation must be case-sensitive and accent-sensitive. Either you can specify collation while creating database or update it e.g code snippets to create/change collation to SQL_Latin1_General_CP1_CS_AS are

CREATE DATABASE SonarDB COLLATE SQL_Latin1_General_CP1_CS_AS;ALTER DATABASE SonarDB COLLATE SQL_Latin1_General_CP1_CS_AS;

Create a SQL Login account which SonarQube needs to connect to 'SonarDB' database.

Create a Persistent Volume

Persistent volume claim is needed to store SonarQube data. The yaml snippet to create a 5 GB storage is displayed below. The deployment resource is going to mount files to this storage claim. You can read more about Persistent Volumes. apiVersion: v1kind: PersistentVolumeClaimmetadata:  name: sonar-data-claimspec:  accessModes:  - ReadWriteOnce  resources:   requests:    storage: 5Gi

Create a Kubernetes Service

The next step is to create a Kubernetes Service for SonarQube. As you can see in yaml snippet below, port 80/9000 is defined and type is LoadBalancer i.e. this service will have external endpoints. Kubernetes will use to selector 'app: sonar-deployment' to map to the deployment as you are going to see next. You can read more about ServicesapiVersion: v1kind: Servicemetadata:  name: sonar-svc  labels:    name: sonar-svcspec:  type: LoadBalancer  ports:  - protocol: TCP    port: 80    targetPort: 9000  selector:    app: sonar-deployment

Create a Kubernetes Deployment

The next step is to create a Kubernetes Deployment for SonarQube. The yaml snippet is displayed below and a few pointers are

  • The docker image being used to create this resource is image: sonarqube
  • You can change the number of pods by updating replicas: 1
  • Label app: sonar-deployment has to match the selector defined in the service
  • Persistent volume claim created above is used for storage i.e. persistentVolumeClaim: claimName:sonar-data-claim.
  • JDBC username, password and URL are specified which need to be updated based on values specific to your 'SonarDB' database and login user.

apiVersion: extensions/v1beta1kind: Deploymentmetadata:  name: sonar-deployment  labels:    app: sonar-deploymentspec:  replicas: 1  template:    metadata:      labels:        app: sonar-deployment    spec:      terminationGracePeriodSeconds: 15      initContainers:      - name: fix-the-volume-permission        image: busybox        command:        - sh        - -c        - chown -R 1000:1000 /opt/sonarqube/extensions        securityContext:          privileged: true        volumeMounts:        - name: sonarqube-data          mountPath: /opt/sonarqube/extensions      - name: fix-the-volume-permission1        image: busybox        command:        - sh        - -c        - chown -R 1000:1000 /opt/sonarqube/data        securityContext:          privileged: true        volumeMounts:        - name: sonarqube-data          mountPath: /opt/sonarqube/data      containers:      - name: sonarqube        image: sonarqube        ports:        - name: sonarqube          containerPort: 9000        env:        - name: SONARQUBE_JDBC_USERNAME          value: sonar        - name: SONARQUBE_JDBC_PASSWORD          value: SONAR_SQL_LOGIN_PASSWORD        - name: SONARQUBE_JDBC_URL           value: jdbc:sqlserver://mssql-deployment:1433;databaseName=sonardb;user=sonar;password=SONAR_SQL_LOGIN_PASSWORD        volumeMounts:         - name: sonarqube-data           mountPath: /opt/sonarqube/extensions           subPath: extensions         - name: sonarqube-data           mountPath: /opt/sonarqube/data           subPath: data      volumes:      - name: sonarqube-data        persistentVolumeClaim:           claimName: sonar-data-claim

After SonarQube resources are deployed to AKS cluster, navigate to the public endpoint and login using default credentials i.e. username and password is 'admin'. You can change the password. For this sample built in users are provisioned for authentication however you can configure external identity providers. You can read more about external identity providers and http headers based authentication.

Enable SonarQube plugin in Azure DevOps

You need to enable SonarQube extension in Azure DevOps. Browse for SonarQube extension in marketplace and enable it.

Generate Token in SonarQube

Azure DevOps will need token to connect to SonarQube instance. You need to generate token in SonarQube portal by navigating to SonarQube > Security > Generate Tokens. Keep a note of the token.

Create Projects in SonarQube

The next step is to create projects for Angular App and ASP.NET Core Web API in SonarQube portal. The project keys will be needed in Azure DevOps build pipeline thus keep a note of these values.

 

Create a new Service Connection in Azure DevOps

In order to connect Azure DevOps to SonarQube, you will need to create a new service connection in Azure DevOps. The main pointers are

  • Specify a connection name
  • Specify the Server Url as endpoint address of SonarQube
  • Specify Token value which is generated in previous step

Setting up Azure DevOps build pipeline for Angular App

The three steps needed for SonarQube integration barring npm install and npm build are

  • Prepare Analysis Configuration
    • This step needs to be run before build
    • Select SonarQube server endpoint
    • Specify Project Key and Project Name for Angular App
    • Specify Sources directory root i.e. path to root directory containing source files
  • Run Code Analysis
    • This step needs to be run after build
  • Publish Quality Gate Result

Setting up Azure DevOps build pipeline for ASP.NET Core Web API App

The three steps needed for SonarQube integration barring Restore and Build are

  • Prepare Analysis Configuration
    • This step needs to be run before build
    • Select SonarQube server endpoint
    • Specify Project Key for ASP.NET Core Web API App
    • Select integrate with MSBuild option
  • Run Code Analysis
    • This step needs to be run after build
  • Publish Quality Gate Result

Queue Angular and ASP.NET Core Web API Builds

Queue Angular and ASP.NET Core Web API builds on you can see detailed analysis in SonarQube portal.

This completes this article on deploying SonarQube to Azure Kubernetes Service cluster and integration with Azure DevOps build pipeline. The Kubernetes resources needed to deploy SonarQube to AKS cluster can be downloaded from GitHub.