From 78c28cb610c9b78cdb15afda080a895be0922629 Mon Sep 17 00:00:00 2001 From: Tobias Trabelsi <64127335+tobias-trabelsi-sonarsource@users.noreply.github.com> Date: Fri, 10 Sep 2021 08:53:01 +0200 Subject: [PATCH] SONAR-15341 documented Helm repo and refreshed documentation about k8s --- .../setup/sonarqube-cluster-on-kubernetes.md | 32 ++++--- .../pages/setup/sonarqube-on-kubernetes.md | 91 ++++++++++++------- 2 files changed, 74 insertions(+), 49 deletions(-) diff --git a/server/sonar-docs/src/pages/setup/sonarqube-cluster-on-kubernetes.md b/server/sonar-docs/src/pages/setup/sonarqube-cluster-on-kubernetes.md index 9551e65353d..66e903dc37f 100644 --- a/server/sonar-docs/src/pages/setup/sonarqube-cluster-on-kubernetes.md +++ b/server/sonar-docs/src/pages/setup/sonarqube-cluster-on-kubernetes.md @@ -1,5 +1,5 @@ --- -title: Deploy DCE on Kubernetes +title: Deploy a SonarQube Cluster on Kubernetes url: /setup/sonarqube-cluster-on-kubernetes/ --- @@ -7,8 +7,7 @@ _This page applies to deploying SonarQube Data Center Edition on Kubernetes. For # Overview -[[info]] -| Deploying and operating SonarQube Data Center Edition on Kubernetes is currently in Beta status. +[[info]] | Deploying and operating SonarQube Data Center Edition on Kubernetes is available starting SonarQube 9.1 and is currently in Beta status. You can find the SonarQube DCE Helm chart on [GitHub](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube-dce). @@ -41,15 +40,14 @@ We try to provide a good default with the Helm chart, but there are some points Currently only helm3 is supported. -To install the Helm Chart from the [GitHub](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube-dce) Repository, you can use the following commands: +To install the Helm Chart from Helm Repository, you can use the following commands: ```bash -git clone https://github.com/SonarSource/helm-chart-sonarqube.git -cd helm-chart-sonarqube/charts/sonarqube-dce -helm dependency update +helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube +helm repo update kubectl create namespace sonarqube-dce export JWT_SECRET=$(echo -n "your_secret" | openssl dgst -sha256 -hmac "your_key" -binary | base64) -helm upgrade --install -f values.yaml -n sonarqube-dce sonarqube-dce --set ApplicationNodes.jwtSecret=$JWT_SECRET ./ +helm upgrade --install -n sonarqube-dce sonarqube-dce --set ApplicationNodes.jwtSecret=$JWT_SECRET sonarqube/sonarqube-dce ``` ### Ingress Creation @@ -130,6 +128,17 @@ spec: app: sonarqube-dce ``` +### Log Format + +SonarQube prints all logs in plain-text to stdout/stderr. It can print logs as JSON-String if the variable `logging.jsonOutput` is set to `true`. This will enable log collection tools like [Loki](https://grafana.com/oss/loki/) to do post processing on the information that are provided by the application. + +#### LogQL Example + +With JSON Logging enabled, you can define a LogQL Query like this to filter only logs with the severity "ERROR" and display the Name of the Pod as well as the Message: + +``` +{namespace="sonarqube-dce", app="sonarqube-dce"}| json | severity="ERROR" | line_format "{{.nodename}} {{.message}}" +``` ### Other Configuration Options @@ -140,14 +149,9 @@ As SonarQube is intended to be run anywhere, there are some drawbacks that are c ### No Sidecar Support -There is currently no support for additional sidecar containers and, as a result, there is no support for log collection. SonarQube will print the main application log to stdout, but logs on the web, ce, or search component will be printed to separate file streams inside the container. +There is currently no support for additional sidecar containers. If you want to use a sidecar container with the SonarQube deployment, you have to manually alter the deployment. -### No Log Complete Collection - -As previously mentioned, there's currently no support for a log collection to make SonarQube observable. Logs are printed to separate file streams as plaintext. -If you still want to scrape these logs, you will need to manually alter the deployment to read these 4 file streams and send them to your log collection solution manually. - ### Problems with Azure Fileshare PVC Currently, there is a known limitation when working on AKS that resonates around the use of Azure Fileshare. We recommend using another storage class for persistency on AKS. diff --git a/server/sonar-docs/src/pages/setup/sonarqube-on-kubernetes.md b/server/sonar-docs/src/pages/setup/sonarqube-on-kubernetes.md index 2dddad16da8..63e1b5d695d 100644 --- a/server/sonar-docs/src/pages/setup/sonarqube-on-kubernetes.md +++ b/server/sonar-docs/src/pages/setup/sonarqube-on-kubernetes.md @@ -1,5 +1,5 @@ --- -title: Deploy Non-DCE on Kubernetes +title: Deploy SonarQube on Kubernetes url: /setup/sonarqube-on-kubernetes/ --- @@ -7,8 +7,6 @@ _This part of the Documentation is only valid for Community, Developer, and Ente # Overview -Deploying SonarQube on Kubernetes is still in the early phases. We've only tested deployment with the following recommendations and constraints, and deployment has some limitations as documented below. - You can find the SonarQube Helm chart on [GitHub](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube). Your feedback is welcome at [our community forum](https://community.sonarsource.com/). @@ -19,11 +17,14 @@ When you want to operate SonarQube on Kubernetes, consider the following recomme ### Prerequisites +#### SonarQube Helm Chart + | Kubernetes Version | Helm Chart Version | SonarQube Version | | -------- | ----------------------------- | ----------------- | -| 1.19 | 1.0 | 8.9 | -| 1.20 | 1.0 | 8.9 | -| 1.21 | 1.0 | 8.9 | +| 1.19 | 1.1 | 9.1 | +| 1.20 | 1.1 | 9.1 | +| 1.21 | 1.1 | 9.1 | + ### Pod Security Policies @@ -103,14 +104,13 @@ We try to provide a good default with the Helm chart, but there are some points Currently only helm3 is supported. -To install the Helm Chart from the [GitHub](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube) Repository, you can use the following commands: +To install the Helm Chart from our Helm Repository, you can use the following commands: ```bash -git clone https://github.com/SonarSource/helm-chart-sonarqube.git -cd helm-chart-sonarqube/charts/sonarqube -helm dependency update +helm repo add sonarqube https://SonarSource.github.io/helm-chart-sonarqube +helm repo update kubectl create namespace sonarqube -helm upgrade --install -f values.yaml -n sonarqube sonarqube ./ +helm upgrade --install -n sonarqube sonarqube sonarqube/sonarqube ``` ### Persistency @@ -206,6 +206,51 @@ ingress: nginx.ingress.kubernetes.io/proxy-body-size: "8m" ``` +### Monitoring + +Currently, no cloud-native monitoring solutions play nicely with SonarQube or are supported by SonarSource. It is, however, possible to expose at least the JMX metrics to Prometheus with the help of the Prometheus JMX exporter for the Application Nodes. +To use this option, set the following values in your `values.yaml` file: + +```yaml +prometheusExporter: + enabled: true + config: + rules: + - pattern: ".*" +``` + +This downloads the Prometheus JMX exporter agent and adds it to the startup options of SonarQube. With this default configuration, the JMX metrics will be exposed on /metrics for Prometheus to scrape. + +The config scope here defines a configuration that is understandable by the Prometheus JMX exporter. For more information, please see the [documentation](https://github.com/prometheus/jmx_exporter). + +#### PodMonitor + +You can collect metrics on application nodes using PodMonitor for Prometheus. Search node monitoring is not currently supported. To monitor applications nodes, define PodMonitor as follows: + +```yaml +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: sonarqube + namespace: monitoring +spec: + namespaceSelector: + matchNames: + - sonarqube + podMetricsEndpoints: + - interval: 30s + path: / + scheme: http + targetPort: monitoring-ce + - interval: 30s + path: / + scheme: http + targetPort: monitoring-web + selector: + matchLabels: + app: sonarqube +``` + ### Other Configuration Options While we only document the most pressing Helm chart customizations in this documentation, there are other possibilities for you to choose to [Customize the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). Please see the Helm chart [README](https://github.com/SonarSource/helm-chart-sonarqube/tree/master/charts/sonarqube) file for more information on these. @@ -214,14 +259,6 @@ While we only document the most pressing Helm chart customizations in this docum As SonarQube is intended to be run anywhere, there are some drawbacks that are currently known when operating in Kubernetes. This list is not comprehensive, but something to keep in mind and points for us to improve on. -### No Sidecar Support - -There is currently no support for additional sidecar containers and, as a result, there is no support for log collection. SonarQube will print the main application log to stdout, but logs on the web, ce, or search component will be printed to separate file streams inside the container. -If you want to use a sidecar container with the SonarQube deployment, you have to manually alter the deployment. -### No Log Complete Collection - -As previously mentioned, there's currently no support for a log collection to make SonarQube observable. Logs are printed to separate file streams as plaintext. -If you still want to scrape these logs, you will need to manually alter the deployment to read these 4 file streams and send them to your log collection solution manually. ### Readiness and Startup delays When persistence is disabled, SonarQube startup takes significantly longer as the Elasticsearch indexes need to be rebuilt. As this delay depends on the amount of data in your SonarQube instance, the values for the startup/readiness and liveness probes need to be adjusted to your environment. @@ -231,19 +268,3 @@ We also recommend taking a look at the default limits for the SonarQube deployme Currently, there is a known limitation when working on AKS that resonates around the use of Azure Fileshare. We recommend using another storage class for persistency on AKS. -### Monitoring - -Currently, no cloud-native monitoring solutions play nicely with SonarQube or are supported by SonarSource. It is, however, possible to expose at least the JMX metrics to Prometheus with the help of the Prometheus JMX exporter. -To use this option, set the following values in your `values.yaml` file: - -```yaml -prometheusExporter: - enabled: true - config: - rules: - - pattern: ".*" -``` - -This downloads the Prometheus JMX exporter agent and adds it to the startup options of SonarQube. With this default configuration, the JMX metrics will be exposed on /metrics for Prometheus to scrape. - -The config scope here defines a configuration that is understandable by the Prometheus JMX exporter. For more information, please see the [documentation](https://github.com/prometheus/jmx_exporter). -- 2.39.5