Sonar scanner in k8s

Hi all,

I would just like to get everyone’s opinion on this matter.

Is it possible, or a sensible use case, to set up a k8s cluster to create sonar scanner containers with specific specs based on different projects?

To elaborate more on this, I want to set up a cluster specifically for SonarQube use. Since some projects are very large and can take up a lot of resources, my company wants to centralize the code scan process. Their initial thought is to set up a cluster, and for example if project A needs to be scanned, then k8s will create a pod based on the specs required to do the scan, and after the scan is complete, the pod will be gone. This way we can allocate a server’s resources so that it can scan multiple projects at the same time.

Does this sound like a good use case?

Hi @Roger_Kuo and welcome to the community :wave:

Yes, this is possible, but it is rather a configuration matter for the CI system that you use. For example, with drone.io you can define the limits for each job and drone will take care of creating a pod with these specifications. In k8s it is then up to the kube scheduler to find a node that matches these requests, but this is just an example with drone. You could do the same with Jenkins or Tekton or a lot of other CI systems that can work with k8s. If the software in question can be scanned by the sonar-scanner-cli, there is an official image that you could use for that.

This is my personal opinion, but I think SonarQube shines the most when it is configured together with a DevOps platform like GitLab/GitHub or even Gitea and scans per PR/MR. With this you can benefit from the “clean as you code” style of work.
If the goal is really to scan all projects periodically, think of a nightly/weekly pipeline to do that (if you are on k8s this could even be done with a CronJob and a bash script), but with that you would only see reports when the code in question is already on the reference branch.

Hope that helps :slight_smile:

2 Likes
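The nightly, scheduler-placed scan sketched in the reply above, written out as a Kubernetes CronJob. This is an added example and not code from this thread or from SonarSource. The namespace, schedule, repository URL, SonarQube URL, project key, Secret name, UID and resource sizes are placeholders to replace; it assumes the official sonar-scanner-cli image honours the SONAR_HOST_URL and SONAR_TOKEN environment variables and runs as UID 1000, which you should verify against the image tag you pin.

```yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: sonar-scan-project-a        # one CronJob per project, each with its own sizing
  namespace: sonar-scans            # placeholder namespace
spec:
  schedule: "0 2 * * *"             # nightly at 02:00; adjust per project
  concurrencyPolicy: Forbid         # never start a second scan of the same project concurrently
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      backoffLimit: 1               # retry a failed scan once, then give up
      ttlSecondsAfterFinished: 3600 # finished Job and its pod are garbage-collected after an hour
      template:
        spec:
          restartPolicy: Never
          securityContext:          # assumption: both images work as this non-root UID/GID
            runAsNonRoot: true
            runAsUser: 1000
            runAsGroup: 1000
            fsGroup: 1000           # makes the shared emptyDir group-writable
          initContainers:
            - name: checkout
              image: alpine/git:latest        # pin a digest or tag in practice
              args:
                - clone
                - --depth=1
                - --branch=main
                - https://git.example.com/org/project-a.git   # placeholder repo
                - /src
              volumeMounts:
                - name: src
                  mountPath: /src
          containers:
            - name: sonar-scanner
              image: sonarsource/sonar-scanner-cli:latest    # official scanner image; pin in practice
              workingDir: /src
              args:
                - -Dsonar.projectKey=project-a
                - -Dsonar.sources=.
              env:
                - name: SONAR_HOST_URL
                  value: https://sonarqube.example.com       # placeholder server URL
                - name: SONAR_TOKEN                          # never put the token in the manifest
                  valueFrom:
                    secretKeyRef:
                      name: sonar-token                      # placeholder Secret
                      key: token
              resources:            # the "specs per project" the scheduler places the pod by
                requests:
                  cpu: "2"
                  memory: "4Gi"
                limits:
                  cpu: "4"
                  memory: "8Gi"
              volumeMounts:
                - name: src
                  mountPath: /src
          volumes:
            - name: src
              emptyDir: {}          # scratch checkout that disappears with the pod
```

Apply it with `kubectl apply -f`, and trigger an ad hoc run for a single project with `kubectl create job --from=cronjob/sonar-scan-project-a scan-now -n sonar-scans`. The `resources` block is what lets a small project and a very large one coexist on the same nodes, `concurrencyPolicy: Forbid` keeps a slow scan from piling up, and `ttlSecondsAfterFinished` gives the "pod is gone after the scan" behaviour from the question without a CI system in the loop; the authentication token stays in a Secret with its own RBAC rather than in the manifest or image.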

Thank you NotTobi for the reply!
So I would need a CI management tool to make this happen, right? But if that’s the case, is there any point in setting up k8s for this matter? I mean, wouldn’t it be complicating things to set up a cluster for a sonar scanner task?

Depends on the view. For people who manage the CI system it is important where it runs and how it scales. K8s is a reasonable choice as a platform to host your infrastructure on.
For the people that just want to use the CI system in the end, the ease of use of the CI system is more important, so yeah, putting k8s into the picture makes the system more complex.

I am guessing your company does not have a CI/CD system in place?

In the end, this is a challenge that your company has to master when implementing a reasonable toolbox strategy including the underlying infrastructure. A bit too much for this community, I’d say :sweat_smile:

1 Like