|
|
@@ -1,121 +1,258 @@
|
|
|
pipeline {
|
|
|
agent any
|
|
|
+
|
|
|
+ parameters {
|
|
|
+ choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境')
|
|
|
+ string(name: 'NAMESPACE', defaultValue: 'portal-frontends', description: 'K8s 命名空间')
|
|
|
+ }
|
|
|
+
|
|
|
environment {
|
|
|
- REGISTRY = "harbor.xxx.com"
|
|
|
- IMAGE_NAME = "portal-service-frontend"
|
|
|
- IMAGE_TAG = "latest"
|
|
|
- NAMESPACE = "portal-frontends"
|
|
|
- INGRESS_NAME = "portal-service-frontend"
|
|
|
- INGRESS_HOST = "radar-power.asia"
|
|
|
- TLS_SECRET = "portal-tls"
|
|
|
+ PROJECT_NAME = 'portal-service-frontend' // 服务名称,保持和 Deployment、Service 一致
|
|
|
+ NODE_ENV = 'production'
|
|
|
+ HARBOR_HOST = '8.130.28.21:81'
|
|
|
+ KUBECONFIG_PATH = '/root/.kube/config'
|
|
|
+ NODE1_IP = '172.27.73.147'
|
|
|
+ NODE2_IP = '172.27.73.146'
|
|
|
+ HARBOR_USER = 'admin'
|
|
|
+ HARBOR_PASS = 'Hfln@1024'
|
|
|
+ HARBOR_RETENTION_ID = '1'
|
|
|
+
|
|
|
+ DOMAIN = 'radar-power.asia'
|
|
|
+ TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
|
|
|
+ TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
|
|
|
+ TLS_SECRET_NAME = 'portal-tls'
|
|
|
+
|
|
|
+ INGRESS_CLASS = 'nginx' // ingress controller 的 ingressClass 名称
|
|
|
}
|
|
|
+
|
|
|
stages {
|
|
|
- stage('Build Image') {
|
|
|
+ stage('🧬 初始化环境') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ env.HARBOR_PROJECT = params.env
|
|
|
+ env.IMAGE_TAG = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}:${BUILD_NUMBER}"
|
|
|
+ echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}"
|
|
|
+ echo ">>> IMAGE_TAG = ${env.IMAGE_TAG}"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('📥 拉取代码') {
|
|
|
+ steps {
|
|
|
+ checkout scm
|
|
|
+ echo "✅ 代码拉取成功"
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('🔧 构建 Docker 镜像') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ sh """
|
|
|
+ docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST}
|
|
|
+ docker build --build-arg ENV=${params.env} -t ${env.IMAGE_TAG} .
|
|
|
+ """
|
|
|
+ echo "✅ 镜像构建成功:${env.IMAGE_TAG}"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('🚀 推送镜像到 Harbor') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ sh """
|
|
|
+ docker push ${env.IMAGE_TAG}
|
|
|
+ docker rmi ${env.IMAGE_TAG} || true
|
|
|
+ """
|
|
|
+ echo "✅ 镜像推送并本地清理完成"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('🔍 测试节点能否拉取镜像') {
|
|
|
steps {
|
|
|
script {
|
|
|
+ echo ">>> 测试节点能否拉取镜像..."
|
|
|
sh """
|
|
|
- docker build -t ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG} .
|
|
|
- docker login ${REGISTRY} -u harbor-username -p harbor-password
|
|
|
- docker push ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}
|
|
|
+ ssh root@${env.NODE1_IP} "docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG}" || echo '[❌ 节点 ${env.NODE1_IP} 拉取失败]'
|
|
|
+ ssh root@${env.NODE2_IP} "docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG}" || echo '[❌ 节点 ${env.NODE2_IP} 拉取失败]'
|
|
|
"""
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- stage('Deploy to Kubernetes') {
|
|
|
+ stage('📦 处理命名空间和 TLS Secret') {
|
|
|
steps {
|
|
|
script {
|
|
|
sh """
|
|
|
- kubectl create namespace ${NAMESPACE} --dry-run=client -o yaml | kubectl apply -f -
|
|
|
+ export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
|
|
|
- # 创建 Deployment
|
|
|
- cat <<EOF | kubectl apply -f -
|
|
|
+ if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
+ echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..."
|
|
|
+ kubectl create namespace ${params.NAMESPACE}
|
|
|
+ else
|
|
|
+ echo ">>> 命名空间 ${params.NAMESPACE} 已存在"
|
|
|
+ fi
|
|
|
+
|
|
|
+ if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
+ echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..."
|
|
|
+ kubectl create secret tls ${env.TLS_SECRET_NAME} \
|
|
|
+ --cert=${env.TLS_CERT_PATH} \
|
|
|
+ --key=${env.TLS_KEY_PATH} \
|
|
|
+ -n ${params.NAMESPACE}
|
|
|
+ else
|
|
|
+ echo ">>> TLS Secret ${env.TLS_SECRET_NAME} 已存在,跳过创建"
|
|
|
+ fi
|
|
|
+ """
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('📦 部署到 Kubernetes') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ def deployYaml = """
|
|
|
apiVersion: apps/v1
|
|
|
kind: Deployment
|
|
|
metadata:
|
|
|
- name: ${IMAGE_NAME}
|
|
|
- namespace: ${NAMESPACE}
|
|
|
+ name: ${env.PROJECT_NAME}
|
|
|
+ namespace: ${params.NAMESPACE}
|
|
|
spec:
|
|
|
replicas: 2
|
|
|
selector:
|
|
|
matchLabels:
|
|
|
- app: ${IMAGE_NAME}
|
|
|
+ app: ${env.PROJECT_NAME}
|
|
|
template:
|
|
|
metadata:
|
|
|
labels:
|
|
|
- app: ${IMAGE_NAME}
|
|
|
+ app: ${env.PROJECT_NAME}
|
|
|
spec:
|
|
|
containers:
|
|
|
- - name: ${IMAGE_NAME}
|
|
|
- image: ${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}
|
|
|
+ - name: ${env.PROJECT_NAME}
|
|
|
+ image: ${env.IMAGE_TAG}
|
|
|
ports:
|
|
|
- containerPort: 80
|
|
|
-EOF
|
|
|
-
|
|
|
- # 创建 Service
|
|
|
- cat <<EOF | kubectl apply -f -
|
|
|
+ env:
|
|
|
+ - name: NODE_ENV
|
|
|
+ value: "${params.env}"
|
|
|
+---
|
|
|
apiVersion: v1
|
|
|
kind: Service
|
|
|
metadata:
|
|
|
- name: ${IMAGE_NAME}
|
|
|
- namespace: ${NAMESPACE}
|
|
|
+ name: ${env.PROJECT_NAME}
|
|
|
+ namespace: ${params.NAMESPACE}
|
|
|
spec:
|
|
|
+ type: ClusterIP
|
|
|
selector:
|
|
|
- app: ${IMAGE_NAME}
|
|
|
+ app: ${env.PROJECT_NAME}
|
|
|
ports:
|
|
|
- port: 80
|
|
|
targetPort: 80
|
|
|
- type: ClusterIP
|
|
|
-EOF
|
|
|
-
|
|
|
- # 创建 Ingress
|
|
|
- cat <<EOF | kubectl apply -f -
|
|
|
+---
|
|
|
apiVersion: networking.k8s.io/v1
|
|
|
kind: Ingress
|
|
|
metadata:
|
|
|
- name: ${INGRESS_NAME}
|
|
|
- namespace: ${NAMESPACE}
|
|
|
+ name: ${env.PROJECT_NAME}
|
|
|
+ namespace: ${params.NAMESPACE}
|
|
|
annotations:
|
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
|
spec:
|
|
|
- ingressClassName: nginx
|
|
|
+ ingressClassName: ${env.INGRESS_CLASS}
|
|
|
+ tls:
|
|
|
+ - hosts:
|
|
|
+ - ${env.DOMAIN}
|
|
|
+ secretName: ${env.TLS_SECRET_NAME}
|
|
|
rules:
|
|
|
- - host: ${INGRESS_HOST}
|
|
|
+ - host: ${env.DOMAIN}
|
|
|
http:
|
|
|
paths:
|
|
|
- path: /
|
|
|
pathType: Prefix
|
|
|
backend:
|
|
|
service:
|
|
|
- name: ${IMAGE_NAME}
|
|
|
+ name: ${env.PROJECT_NAME}
|
|
|
port:
|
|
|
number: 80
|
|
|
- tls:
|
|
|
- - hosts:
|
|
|
- - ${INGRESS_HOST}
|
|
|
- secretName: ${TLS_SECRET}
|
|
|
-EOF
|
|
|
+"""
|
|
|
+
|
|
|
+ writeFile file: 'deploy.yaml', text: deployYaml
|
|
|
+
|
|
|
+ sh """
|
|
|
+ export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
+ kubectl apply -f deploy.yaml
|
|
|
+ kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]'
|
|
|
"""
|
|
|
+
|
|
|
+ echo ">>> ✅ 部署完成,访问地址:https://${env.DOMAIN}/ (请确保 DNS 指向 Ingress 公网 IP 且 secret ${env.TLS_SECRET_NAME} 已创建)"
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- stage('Fix Ingress Controller Service') {
|
|
|
+ stage('🛠 修复 Ingress Controller Service 为 NodePort') {
|
|
|
steps {
|
|
|
script {
|
|
|
- echo "检查 ingress-nginx-controller Service 是否是 NodePort..."
|
|
|
- def svcType = sh(script: "kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.type}'", returnStdout: true).trim()
|
|
|
- if (svcType != "NodePort") {
|
|
|
- echo "修改 ingress-nginx-controller Service 类型为 NodePort..."
|
|
|
- sh """
|
|
|
- kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec": {"type": "NodePort"}}'
|
|
|
- """
|
|
|
- } else {
|
|
|
- echo "ingress-nginx-controller 已经是 NodePort,无需修改"
|
|
|
- }
|
|
|
- sh "kubectl get svc ingress-nginx-controller -n ingress-nginx -o wide"
|
|
|
+ sh """
|
|
|
+ export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
+ SVC_TYPE=\$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.type}')
|
|
|
+ if [ "\$SVC_TYPE" != "NodePort" ]; then
|
|
|
+ echo ">>> ingress-nginx-controller 当前类型: \$SVC_TYPE,正在修改为 NodePort..."
|
|
|
+ kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec": {"type": "NodePort"}}'
|
|
|
+ else
|
|
|
+ echo ">>> ingress-nginx-controller 已经是 NodePort,无需修改"
|
|
|
+ fi
|
|
|
+ kubectl get svc ingress-nginx-controller -n ingress-nginx -o wide
|
|
|
+ """
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('🧹 清理本地旧镜像(保留最新3个)') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ def baseImage = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}"
|
|
|
+ sh """
|
|
|
+ docker images ${baseImage} --format "{{.Repository}}:{{.Tag}}" \\
|
|
|
+ | grep -v latest \\
|
|
|
+ | sort -r -t ':' -k2 \\
|
|
|
+ | tail -n +4 \\
|
|
|
+ | xargs -r docker rmi || true
|
|
|
+ """
|
|
|
+ echo "✅ 本地旧镜像清理完成"
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
+
|
|
|
+ stage('🧼 清理 dangling 镜像') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ sh """
|
|
|
+ docker images -f "dangling=true" -q | xargs -r docker rmi || true
|
|
|
+ """
|
|
|
+ echo "✅ 悬空镜像(<none>)清理完成"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ stage('🔁 触发 Harbor 镜像保留策略(可选)') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ sh """
|
|
|
+ curl -u ${env.HARBOR_USER}:${env.HARBOR_PASS} -X POST "http://${env.HARBOR_HOST}/api/v2.0/retentions/${env.HARBOR_RETENTION_ID}/executions" || echo '[retention trigger failed]'
|
|
|
+ """
|
|
|
+ echo "✅ Harbor 镜像保留策略已触发(若配置)"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ post {
|
|
|
+ success {
|
|
|
+ echo "✅ 构建 & 部署成功 🎉"
|
|
|
+ }
|
|
|
+ failure {
|
|
|
+ echo "❌ 构建或部署失败,请检查日志"
|
|
|
+ }
|
|
|
+ always {
|
|
|
+ cleanWs()
|
|
|
+ }
|
|
|
}
|
|
|
}
|
