|
|
@@ -7,19 +7,21 @@ pipeline {
|
|
|
}
|
|
|
|
|
|
environment {
|
|
|
- PROJECT_NAME = 'portal-service-frontend'
|
|
|
- BUILD_DIR = 'dist'
|
|
|
- NODE_ENV = 'production'
|
|
|
- HARBOR_HOST = '8.130.28.21:81'
|
|
|
- KUBECONFIG_PATH = '/root/.kube/config'
|
|
|
- NODE1_IP = '172.27.73.147'
|
|
|
- NODE2_IP = '172.27.73.146'
|
|
|
- HARBOR_USER = 'admin'
|
|
|
- HARBOR_PASS = 'Hfln@1024'
|
|
|
+ PROJECT_NAME = 'portal-service-frontend'
|
|
|
+ BUILD_DIR = 'dist'
|
|
|
+ NODE_ENV = 'production'
|
|
|
+ HARBOR_HOST = '8.130.28.21:81'
|
|
|
+ KUBECONFIG_PATH = '/root/.kube/config'
|
|
|
+ NODE1_IP = '172.27.73.147'
|
|
|
+ NODE2_IP = '172.27.73.146'
|
|
|
+ HARBOR_USER = 'admin'
|
|
|
+ HARBOR_PASS = 'Hfln@1024'
|
|
|
HARBOR_RETENTION_ID = '1'
|
|
|
- DOMAIN = 'radar-power.asia'
|
|
|
- TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
|
|
|
- TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
|
|
|
+
|
|
|
+ DOMAIN = 'radar-power.asia'
|
|
|
+ TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
|
|
|
+ TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
|
|
|
+ TLS_SECRET_NAME = 'portal-tls'
|
|
|
}
|
|
|
|
|
|
stages {
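Review bot: The re-added `HARBOR_USER` / `HARBOR_PASS` lines in the `environment` block keep the registry admin password in clear text in the pipeline file, so anyone with read access to the repository or its history can push to or pull from Harbor. Bind them from the Jenkins credentials store instead, for example `HARBOR = credentials('<harbor-credentials-id>')` (placeholder id), which exposes `HARBOR_USR` and `HARBOR_PSW` to the steps and masks them in the console log. Because the current value is already committed, it should be rotated. A project-scoped robot account would be a safer choice than `admin`. The `environment` block opens before this hunk, so check the lines above for other literals of the same kind.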
|
|
|
@@ -30,7 +32,6 @@ pipeline {
|
|
|
env.IMAGE_TAG = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}:${BUILD_NUMBER}"
|
|
|
echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}"
|
|
|
echo ">>> IMAGE_TAG = ${env.IMAGE_TAG}"
|
|
|
- echo ">>> 域名:https://${env.DOMAIN}/"
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
@@ -78,24 +79,38 @@ pipeline {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- stage('📦 部署到 Kubernetes(Ingress + ClusterIP)') {
|
|
|
+ stage('📦 处理命名空间和 TLS Secret') {
|
|
|
steps {
|
|
|
script {
|
|
|
- // 自动创建 portal-tls secret
|
|
|
sh """
|
|
|
- export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
- if ! kubectl get secret portal-tls -n ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
- echo ">>> 未检测到 portal-tls,正在创建..."
|
|
|
- kubectl create secret tls portal-tls \\
|
|
|
- --cert=${env.TLS_CERT_PATH} \\
|
|
|
- --key=${env.TLS_KEY_PATH} \\
|
|
|
- -n ${params.NAMESPACE}
|
|
|
- echo "✅ portal-tls 创建完成"
|
|
|
- else
|
|
|
- echo "✅ portal-tls 已存在,跳过创建"
|
|
|
- fi
|
|
|
+ export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
+
|
|
|
+ # 检查命名空间是否存在
|
|
|
+ if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
+ echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..."
|
|
|
+ kubectl create namespace ${params.NAMESPACE}
|
|
|
+ else
|
|
|
+ echo ">>> 命名空间 ${params.NAMESPACE} 已存在"
|
|
|
+ fi
|
|
|
+
|
|
|
+ # 检查 TLS Secret 是否存在
|
|
|
+ if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
+ echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..."
|
|
|
+ kubectl create secret tls ${env.TLS_SECRET_NAME} \
|
|
|
+ --cert=${env.TLS_CERT_PATH} \
|
|
|
+ --key=${env.TLS_KEY_PATH} \
|
|
|
+ -n ${params.NAMESPACE}
|
|
|
+ else
|
|
|
+ echo ">>> TLS Secret ${env.TLS_SECRET_NAME} 已存在,跳过创建"
|
|
|
+ fi
|
|
|
"""
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
+ stage('📦 部署到 Kubernetes') {
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
def ingressBlock = """---
|
|
|
apiVersion: networking.k8s.io/v1
|
|
|
kind: Ingress
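Review bot: `params.NAMESPACE` is expanded by Groovy inside the `sh """` block of the new stage, so the build parameter's text is pasted into the script before the shell parses it, with no validation or quoting. Anyone allowed to start the job with parameters therefore controls part of a script that runs with the kubeconfig at `KUBECONFIG_PATH`. Reject values that are not a Kubernetes DNS label before the first shell step, then pass the value through the environment and use a single-quoted `sh '''` script so only the shell expands it, always inside double quotes. The same interpolation appears in the deploy stage's `sh` block and in the generated manifest's `namespace:` field in the last hunk. The up-front validation covers those as well.

```groovy
script {
    // Fail early: only a DNS-label namespace may reach kubectl or the manifest.
    if (!(params.NAMESPACE ==~ /[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?/)) {
        error "invalid NAMESPACE parameter"
    }
    withEnv(["NS=${params.NAMESPACE}"]) {
        sh '''
            export KUBECONFIG="$KUBECONFIG_PATH"
            if ! kubectl get ns "$NS" >/dev/null 2>&1; then
                kubectl create namespace "$NS"
            fi
            # … unchanged: TLS secret check and echo messages, using "$TLS_SECRET_NAME", "$TLS_CERT_PATH", "$TLS_KEY_PATH" and "$NS" …
        '''
    }
```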
|
|
|
@@ -108,7 +123,7 @@ spec:
|
|
|
tls:
|
|
|
- hosts:
|
|
|
- ${env.DOMAIN}
|
|
|
- secretName: portal-tls
|
|
|
+ secretName: ${env.TLS_SECRET_NAME}
|
|
|
rules:
|
|
|
- host: ${env.DOMAIN}
|
|
|
http:
|
|
|
@@ -152,24 +167,24 @@ metadata:
|
|
|
name: ${env.PROJECT_NAME}
|
|
|
namespace: ${params.NAMESPACE}
|
|
|
spec:
|
|
|
- type: ClusterIP
|
|
|
+ type: NodePort
|
|
|
selector:
|
|
|
app: ${env.PROJECT_NAME}
|
|
|
ports:
|
|
|
- port: 80
|
|
|
targetPort: 80
|
|
|
+ nodePort: 30088
|
|
|
${ingressBlock}
|
|
|
"""
|
|
|
|
|
|
writeFile file: 'deploy.yaml', text: deployYaml
|
|
|
sh """
|
|
|
export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
- kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1 || kubectl create ns ${params.NAMESPACE}
|
|
|
kubectl apply -f deploy.yaml
|
|
|
kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]'
|
|
|
"""
|
|
|
|
|
|
- echo ">>> ✅ 部署完成,访问地址:https://${env.DOMAIN}/"
|
|
|
+ echo ">>> ✅ 部署完成(含 Ingress),访问地址:https://${env.DOMAIN}/ (请确保 DNS 已指向 Ingress 公网 IP 且 secret ${env.TLS_SECRET_NAME} 已创建)"
|
|
|
}
|
|
|
}
|
|
|
}
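Review bot: Changing the Service to `type: NodePort` with `nodePort: 30088` publishes the container's port 80 as plain HTTP on every node address, which bypasses the TLS that the Ingress terminates with `${env.TLS_SECRET_NAME}`. Node ports are allocated cluster-wide and the namespace comes from `params.NAMESPACE`, so deploying to a second namespace will be rejected because 30088 is already taken. If the Ingress is the intended entry point, keep `type: ClusterIP` and drop the `nodePort` line. If direct node access is required, leave `nodePort` unset so the cluster assigns one, and limit who can reach it at the network edge. The manifest begins outside this hunk, so the Deployment part was not reviewed.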
|