|
|
@@ -7,7 +7,7 @@ pipeline {
|
|
|
}
|
|
|
|
|
|
environment {
|
|
|
- PROJECT_NAME = 'portal-service-frontend' // 服务名称,保持和 Deployment、Service 一致
|
|
|
+ PROJECT_NAME = 'portal-service-frontend'
|
|
|
NODE_ENV = 'production'
|
|
|
HARBOR_HOST = '8.130.28.21:81'
|
|
|
KUBECONFIG_PATH = '/root/.kube/config'
|
|
|
@@ -16,13 +16,6 @@ pipeline {
|
|
|
HARBOR_USER = 'admin'
|
|
|
HARBOR_PASS = 'Hfln@1024'
|
|
|
HARBOR_RETENTION_ID = '1'
|
|
|
-
|
|
|
- DOMAIN = 'radar-power.asia'
|
|
|
- TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
|
|
|
- TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
|
|
|
- TLS_SECRET_NAME = 'portal-tls'
|
|
|
-
|
|
|
- INGRESS_CLASS = 'nginx' // ingress controller 的 ingressClass 名称
|
|
|
}
|
|
|
|
|
|
stages {
|
|
|
@@ -33,6 +26,8 @@ pipeline {
|
|
|
env.IMAGE_TAG = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}:${BUILD_NUMBER}"
|
|
|
echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}"
|
|
|
echo ">>> IMAGE_TAG = ${env.IMAGE_TAG}"
|
|
|
+ echo ">>> 请使用以下镜像标签手动创建 Kubernetes 资源:"
|
|
|
+ echo ">>> ${env.IMAGE_TAG}"
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
@@ -80,131 +75,6 @@ pipeline {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- stage('📦 处理命名空间和 TLS Secret') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
-
|
|
|
- if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
- echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..."
|
|
|
- kubectl create namespace ${params.NAMESPACE}
|
|
|
- else
|
|
|
- echo ">>> 命名空间 ${params.NAMESPACE} 已存在"
|
|
|
- fi
|
|
|
-
|
|
|
- if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
- echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..."
|
|
|
- kubectl create secret tls ${env.TLS_SECRET_NAME} \
|
|
|
- --cert=${env.TLS_CERT_PATH} \
|
|
|
- --key=${env.TLS_KEY_PATH} \
|
|
|
- -n ${params.NAMESPACE}
|
|
|
- else
|
|
|
- echo ">>> TLS Secret ${env.TLS_SECRET_NAME} 已存在,跳过创建"
|
|
|
- fi
|
|
|
- """
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('📦 部署到 Kubernetes') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- def deployYaml = """
|
|
|
-apiVersion: apps/v1
|
|
|
-kind: Deployment
|
|
|
-metadata:
|
|
|
- name: ${env.PROJECT_NAME}
|
|
|
- namespace: ${params.NAMESPACE}
|
|
|
-spec:
|
|
|
- replicas: 2
|
|
|
- selector:
|
|
|
- matchLabels:
|
|
|
- app: ${env.PROJECT_NAME}
|
|
|
- template:
|
|
|
- metadata:
|
|
|
- labels:
|
|
|
- app: ${env.PROJECT_NAME}
|
|
|
- spec:
|
|
|
- containers:
|
|
|
- - name: ${env.PROJECT_NAME}
|
|
|
- image: ${env.IMAGE_TAG}
|
|
|
- ports:
|
|
|
- - containerPort: 80
|
|
|
- env:
|
|
|
- - name: NODE_ENV
|
|
|
- value: "${params.env}"
|
|
|
----
|
|
|
-apiVersion: v1
|
|
|
-kind: Service
|
|
|
-metadata:
|
|
|
- name: ${env.PROJECT_NAME}
|
|
|
- namespace: ${params.NAMESPACE}
|
|
|
-spec:
|
|
|
- type: ClusterIP
|
|
|
- selector:
|
|
|
- app: ${env.PROJECT_NAME}
|
|
|
- ports:
|
|
|
- - port: 80
|
|
|
- targetPort: 80
|
|
|
----
|
|
|
-apiVersion: networking.k8s.io/v1
|
|
|
-kind: Ingress
|
|
|
-metadata:
|
|
|
- name: ${env.PROJECT_NAME}
|
|
|
- namespace: ${params.NAMESPACE}
|
|
|
- annotations:
|
|
|
- nginx.ingress.kubernetes.io/rewrite-target: /
|
|
|
-spec:
|
|
|
- ingressClassName: ${env.INGRESS_CLASS}
|
|
|
- tls:
|
|
|
- - hosts:
|
|
|
- - ${env.DOMAIN}
|
|
|
- secretName: ${env.TLS_SECRET_NAME}
|
|
|
- rules:
|
|
|
- - host: ${env.DOMAIN}
|
|
|
- http:
|
|
|
- paths:
|
|
|
- - path: /
|
|
|
- pathType: Prefix
|
|
|
- backend:
|
|
|
- service:
|
|
|
- name: ${env.PROJECT_NAME}
|
|
|
- port:
|
|
|
- number: 80
|
|
|
-"""
|
|
|
-
|
|
|
- writeFile file: 'deploy.yaml', text: deployYaml
|
|
|
-
|
|
|
- sh """
|
|
|
- export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
- kubectl apply -f deploy.yaml
|
|
|
- kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]'
|
|
|
- """
|
|
|
-
|
|
|
- echo ">>> ✅ 部署完成,访问地址:https://${env.DOMAIN}/ (请确保 DNS 指向 Ingress 公网 IP 且 secret ${env.TLS_SECRET_NAME} 已创建)"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('🛠 修复 Ingress Controller Service 为 NodePort') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
- SVC_TYPE=\$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.type}')
|
|
|
- if [ "\$SVC_TYPE" != "NodePort" ]; then
|
|
|
- echo ">>> ingress-nginx-controller 当前类型: \$SVC_TYPE,正在修改为 NodePort..."
|
|
|
- kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec": {"type": "NodePort"}}'
|
|
|
- else
|
|
|
- echo ">>> ingress-nginx-controller 已经是 NodePort,无需修改"
|
|
|
- fi
|
|
|
- kubectl get svc ingress-nginx-controller -n ingress-nginx -o wide
|
|
|
- """
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
stage('🧹 清理本地旧镜像(保留最新3个)') {
|
|
|
steps {
|
|
|
script {
|
|
|
@@ -246,13 +116,18 @@ spec:
|
|
|
|
|
|
post {
|
|
|
success {
|
|
|
- echo "✅ 构建 & 部署成功 🎉"
|
|
|
+ echo "✅ 构建 & 推送成功 🎉"
|
|
|
+ echo ">>> 请手动创建 Kubernetes 资源:"
|
|
|
+ echo ">>> 1. 创建命名空间:kubectl create ns ${params.NAMESPACE}"
|
|
|
+ echo ">>> 2. 创建 TLS Secret:kubectl create secret tls portal-tls --cert=/data/cert/radar-power.asia.pem --key=/data/cert/radar-power.asia.key -n ${params.NAMESPACE}"
|
|
|
+ echo ">>> 3. 应用 YAML 配置:kubectl apply -f k8s-deploy.yaml"
|
|
|
}
|
|
|
failure {
|
|
|
- echo "❌ 构建或部署失败,请检查日志"
|
|
|
+ echo "❌ 构建或推送失败,请检查日志"
|
|
|
}
|
|
|
always {
|
|
|
cleanWs()
|
|
|
}
|
|
|
+ }
|
|
|
}
|
|
|
-}
|
|
|
+}
|
