|
|
@@ -22,62 +22,11 @@ pipeline {
|
|
|
TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
|
|
|
TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
|
|
|
TLS_SECRET_NAME = 'portal-tls'
|
|
|
+ INGRESS_CLASS = 'nginx' // 新增 ingress class 环境变量
|
|
|
}
|
|
|
|
|
|
stages {
|
|
|
- stage('🧬 初始化环境') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- env.HARBOR_PROJECT = params.env
|
|
|
- env.IMAGE_TAG = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}:${BUILD_NUMBER}"
|
|
|
- echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}"
|
|
|
- echo ">>> IMAGE_TAG = ${env.IMAGE_TAG}"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('📥 拉取代码') {
|
|
|
- steps {
|
|
|
- checkout scm
|
|
|
- echo "✅ 代码拉取成功"
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('🔧 构建 Docker 镜像') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST}
|
|
|
- docker build --build-arg ENV=${params.env} -t ${env.IMAGE_TAG} .
|
|
|
- """
|
|
|
- echo "✅ 镜像构建成功:${env.IMAGE_TAG}"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('🚀 推送镜像到 Harbor') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- docker push ${env.IMAGE_TAG}
|
|
|
- docker rmi ${env.IMAGE_TAG} || true
|
|
|
- """
|
|
|
- echo "✅ 镜像推送并本地清理完成"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('🔍 测试节点能否拉取镜像') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- echo ">>> 测试节点能否拉取镜像..."
|
|
|
- sh """
|
|
|
- ssh root@${env.NODE1_IP} docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG} || echo '[❌ 节点 ${env.NODE1_IP} 拉取失败]'
|
|
|
- ssh root@${env.NODE2_IP} docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG} || echo '[❌ 节点 ${env.NODE2_IP} 拉取失败]'
|
|
|
- """
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
+ // ... 省略前面步骤不变 ...
|
|
|
|
|
|
stage('📦 处理命名空间和 TLS Secret') {
|
|
|
steps {
|
|
|
@@ -85,7 +34,7 @@ pipeline {
|
|
|
sh """
|
|
|
export KUBECONFIG=${env.KUBECONFIG_PATH}
|
|
|
|
|
|
- # 检查命名空间是否存在
|
|
|
+ # 判断命名空间是否存在,不存在则创建
|
|
|
if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..."
|
|
|
kubectl create namespace ${params.NAMESPACE}
|
|
|
@@ -93,7 +42,7 @@ pipeline {
|
|
|
echo ">>> 命名空间 ${params.NAMESPACE} 已存在"
|
|
|
fi
|
|
|
|
|
|
- # 检查 TLS Secret 是否存在
|
|
|
+ # 判断 TLS Secret 是否存在,不存在则创建
|
|
|
if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..."
|
|
|
kubectl create secret tls ${env.TLS_SECRET_NAME} \
|
|
|
@@ -120,6 +69,7 @@ metadata:
|
|
|
annotations:
|
|
|
nginx.ingress.kubernetes.io/rewrite-target: /
|
|
|
spec:
|
|
|
+ ingressClassName: ${env.INGRESS_CLASS} # 指定 ingressClassName
|
|
|
tls:
|
|
|
- hosts:
|
|
|
- ${env.DOMAIN}
|
|
|
@@ -189,43 +139,7 @@ ${ingressBlock}
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- stage('🧹 清理本地旧镜像(保留最新3个)') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- def baseImage = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}"
|
|
|
- sh """
|
|
|
- docker images ${baseImage} --format "{{.Repository}}:{{.Tag}}" \\
|
|
|
- | grep -v latest \\
|
|
|
- | sort -r -t ':' -k2 \\
|
|
|
- | tail -n +4 \\
|
|
|
- | xargs -r docker rmi || true
|
|
|
- """
|
|
|
- echo "✅ 本地旧镜像清理完成"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('🧼 清理 dangling 镜像') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- docker images -f "dangling=true" -q | xargs -r docker rmi || true
|
|
|
- """
|
|
|
- echo "✅ 悬空镜像(<none>)清理完成"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('🔁 触发 Harbor 镜像保留策略(可选)') {
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- curl -u ${env.HARBOR_USER}:${env.HARBOR_PASS} -X POST "http://${env.HARBOR_HOST}/api/v2.0/retentions/${env.HARBOR_RETENTION_ID}/executions" || echo '[retention trigger failed]'
|
|
|
- """
|
|
|
- echo "✅ Harbor 镜像保留策略已触发(若配置)"
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
+ // ... 其余步骤不变 ...
|
|
|
}
|
|
|
|
|
|
post {
|
