|
|
@@ -4,8 +4,6 @@ pipeline {
|
|
|
parameters {
|
|
|
choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境')
|
|
|
string(name: 'NAMESPACE', defaultValue: 'portal-frontend', description: 'K8s 命名空间')
|
|
|
- string(name: 'DOMAIN', defaultValue: '', description: 'Ingress 域名(留空则不创建 Ingress)')
|
|
|
- string(name: 'TLS_SECRET', defaultValue: 'portal-tls', description: 'TLS Secret 名称(仅在 DOMAIN 非空时使用)')
|
|
|
booleanParam(name: 'FORCE_UPDATE_CONFIG', defaultValue: false, description: '强制更新配置(包括 Deployment 和 Ingress)')
|
|
|
}
|
|
|
|
|
|
@@ -18,6 +16,8 @@ pipeline {
|
|
|
HARBOR_USER = 'admin'
|
|
|
HARBOR_PASS = 'Hfln@1024'
|
|
|
HARBOR_RETENTION_ID = '1'
|
|
|
+ DOMAIN = 'radar-power.asia'
|
|
|
+ TLS_SECRET = 'portal-tls'
|
|
|
}
|
|
|
|
|
|
stages {
|
|
|
@@ -27,12 +27,7 @@ pipeline {
|
|
|
env.HARBOR_PROJECT = params.env
|
|
|
env.IMAGE_TAG = "${HARBOR_HOST}/${env.HARBOR_PROJECT}/${PROJECT_NAME}:${BUILD_NUMBER}"
|
|
|
echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}"
|
|
|
- if (params.DOMAIN?.trim()) {
|
|
|
- echo ">>> 域名:${params.DOMAIN}, TLS Secret:${params.TLS_SECRET}"
|
|
|
- echo ">>> 将使用 LoadBalancer 类型访问"
|
|
|
- } else {
|
|
|
- echo ">>> 未配置域名,将使用 NodePort 类型访问"
|
|
|
- }
|
|
|
+ echo ">>> 域名:${env.DOMAIN}, TLS Secret:${env.TLS_SECRET}"
|
|
|
echo ">>> 强制更新配置:${params.FORCE_UPDATE_CONFIG}"
|
|
|
}
|
|
|
}
|
|
|
@@ -45,56 +40,17 @@ pipeline {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- stage('🔐 配置 Ingress 控制器') {
|
|
|
- when {
|
|
|
- expression { params.DOMAIN?.trim() }
|
|
|
- }
|
|
|
- steps {
|
|
|
- script {
|
|
|
- sh """
|
|
|
- export KUBECONFIG=${KUBECONFIG_PATH}
|
|
|
-
|
|
|
- echo ">>> 配置 Ingress 控制器为 LoadBalancer 类型..."
|
|
|
-
|
|
|
- # 检查 Ingress 控制器 Service 类型
|
|
|
- INGRESS_SERVICE_TYPE=\$(kubectl get svc ingress-nginx-controller -n ingress-nginx -o jsonpath='{.spec.type}')
|
|
|
- echo ">>> 当前 Ingress 控制器类型: \${INGRESS_SERVICE_TYPE}"
|
|
|
-
|
|
|
- if [ "\${INGRESS_SERVICE_TYPE}" != "LoadBalancer" ]; then
|
|
|
- echo ">>> 修改 Ingress 控制器为 LoadBalancer 类型..."
|
|
|
- kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"LoadBalancer"}}'
|
|
|
- echo "✅ Ingress 控制器已修改为 LoadBalancer 类型"
|
|
|
- echo "⚠️ 注意:外部 IP 分配可能需要一些时间,请稍后检查"
|
|
|
- else
|
|
|
- echo "✅ Ingress 控制器已经是 LoadBalancer 类型"
|
|
|
- fi
|
|
|
-
|
|
|
- # 显示当前状态
|
|
|
- echo ">>> 当前 Ingress 控制器状态:"
|
|
|
- kubectl get svc ingress-nginx-controller -n ingress-nginx
|
|
|
- """
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- stage('�� 验证 TLS Secret') {
|
|
|
- when {
|
|
|
- expression { params.DOMAIN?.trim() }
|
|
|
- }
|
|
|
+ stage('🔐 配置 Ingress 控制器') {
|
|
|
steps {
|
|
|
script {
|
|
|
sh """
|
|
|
export KUBECONFIG=${KUBECONFIG_PATH}
|
|
|
|
|
|
- # 验证 TLS Secret 是否存在
|
|
|
- if ! kubectl get secret ${params.TLS_SECRET} -n ${params.NAMESPACE} >/dev/null 2>&1; then
|
|
|
- echo "❌ TLS Secret '${params.TLS_SECRET}' 在命名空间 '${params.NAMESPACE}' 中不存在!"
|
|
|
- echo "请先创建 TLS Secret:"
|
|
|
- echo "kubectl create secret tls ${params.TLS_SECRET} --cert=fullchain.pem --key=privkey.pem -n ${params.NAMESPACE}"
|
|
|
- exit 1
|
|
|
- fi
|
|
|
+ echo ">>> 配置 Ingress 控制器为 LoadBalancer 类型..."
|
|
|
+ kubectl patch svc ingress-nginx-controller -n ingress-nginx -p '{"spec":{"type":"LoadBalancer"}}' || echo "⚠️ 修改失败,可能已经是 LoadBalancer 类型"
|
|
|
|
|
|
- echo "✅ TLS Secret '${params.TLS_SECRET}' 验证成功"
|
|
|
+ echo ">>> 当前 Ingress 控制器状态:"
|
|
|
+ kubectl get svc ingress-nginx-controller -n ingress-nginx
|
|
|
"""
|
|
|
}
|
|
|
}
|
|
|
@@ -127,7 +83,6 @@ pipeline {
|
|
|
stage(' Kubernetes 部署') {
|
|
|
steps {
|
|
|
script {
|
|
|
- def domain = params.DOMAIN?.trim()
|
|
|
sh """
|
|
|
export KUBECONFIG=${KUBECONFIG_PATH}
|
|
|
|
|
|
@@ -141,11 +96,10 @@ pipeline {
|
|
|
echo ">>> 强制更新配置,删除现有资源..."
|
|
|
kubectl delete deployment ${PROJECT_NAME} -n ${params.NAMESPACE} --ignore-not-found=true
|
|
|
kubectl delete svc ${PROJECT_NAME} -n ${params.NAMESPACE} --ignore-not-found=true
|
|
|
- kubectl delete svc ${PROJECT_NAME}-nodeport -n ${params.NAMESPACE} --ignore-not-found=true
|
|
|
kubectl delete ingress ${PROJECT_NAME}-ingress -n ${params.NAMESPACE} --ignore-not-found=true
|
|
|
fi
|
|
|
|
|
|
- echo ">>> 创建 Deployment..."
|
|
|
+ echo ">>> 创建 Deployment 和 Service..."
|
|
|
kubectl apply -n ${params.NAMESPACE} -f - <<EOF
|
|
|
apiVersion: apps/v1
|
|
|
kind: Deployment
|
|
|
@@ -184,13 +138,8 @@ spec:
|
|
|
path: /
|
|
|
port: 80
|
|
|
initialDelaySeconds: 5
|
|
|
- periodSeconds: 5
|
|
|
-EOF
|
|
|
-
|
|
|
- # 根据是否配置域名创建不同的 Service
|
|
|
- if [ -n "${domain}" ]; then
|
|
|
- echo ">>> 创建 ClusterIP Service(用于 Ingress)..."
|
|
|
- kubectl apply -n ${params.NAMESPACE} -f - <<EOF
|
|
|
+ periodSeconds: 5
|
|
|
+---
|
|
|
apiVersion: v1
|
|
|
kind: Service
|
|
|
metadata:
|
|
|
@@ -204,29 +153,9 @@ spec:
|
|
|
targetPort: 80
|
|
|
protocol: TCP
|
|
|
EOF
|
|
|
- else
|
|
|
- echo ">>> 创建 NodePort Service(用于直接访问)..."
|
|
|
- kubectl apply -n ${params.NAMESPACE} -f - <<EOF
|
|
|
-apiVersion: v1
|
|
|
-kind: Service
|
|
|
-metadata:
|
|
|
- name: ${PROJECT_NAME}-nodeport
|
|
|
-spec:
|
|
|
- type: NodePort
|
|
|
- selector:
|
|
|
- app: ${PROJECT_NAME}
|
|
|
- ports:
|
|
|
- - port: 80
|
|
|
- targetPort: 80
|
|
|
- nodePort: 30085
|
|
|
- protocol: TCP
|
|
|
-EOF
|
|
|
- fi
|
|
|
|
|
|
- # 创建 Ingress(如果提供了域名)
|
|
|
- if [ -n "${domain}" ]; then
|
|
|
- echo ">>> 创建 Ingress..."
|
|
|
- kubectl apply -n ${params.NAMESPACE} -f - <<EOF
|
|
|
+ echo ">>> 创建 Ingress..."
|
|
|
+ kubectl apply -n ${params.NAMESPACE} -f - <<EOF
|
|
|
apiVersion: networking.k8s.io/v1
|
|
|
kind: Ingress
|
|
|
metadata:
|
|
|
@@ -244,10 +173,10 @@ metadata:
|
|
|
spec:
|
|
|
tls:
|
|
|
- hosts:
|
|
|
- - ${domain}
|
|
|
- secretName: ${params.TLS_SECRET}
|
|
|
+ - ${env.DOMAIN}
|
|
|
+ secretName: ${env.TLS_SECRET}
|
|
|
rules:
|
|
|
- - host: ${domain}
|
|
|
+ - host: ${env.DOMAIN}
|
|
|
http:
|
|
|
paths:
|
|
|
- path: /
|
|
|
@@ -258,36 +187,22 @@ spec:
|
|
|
port:
|
|
|
number: 80
|
|
|
EOF
|
|
|
- fi
|
|
|
|
|
|
else
|
|
|
# 只更新镜像
|
|
|
echo ">>> Deployment 已存在,仅更新镜像..."
|
|
|
kubectl set image deployment/${PROJECT_NAME} ${PROJECT_NAME}=${IMAGE_TAG} -n ${params.NAMESPACE}
|
|
|
- echo "✅ 镜像更新完成,Kubernetes 将自动处理滚动更新"
|
|
|
+ echo "✅ 镜像更新完成"
|
|
|
fi
|
|
|
|
|
|
- # 等待 Deployment 就绪
|
|
|
- # echo ">>> 等待 Deployment 就绪..."
|
|
|
- # kubectl wait --for=condition=available --timeout=300s deployment/${PROJECT_NAME} -n ${params.NAMESPACE}
|
|
|
-
|
|
|
# 显示部署状态
|
|
|
echo ">>> 部署状态:"
|
|
|
kubectl get all -n ${params.NAMESPACE}
|
|
|
- kubectl get ingress -n ${params.NAMESPACE} || echo ">>> 未配置 Ingress"
|
|
|
+ kubectl get ingress -n ${params.NAMESPACE}
|
|
|
|
|
|
- # 根据配置显示访问信息
|
|
|
- if [ -n "${domain}" ]; then
|
|
|
- echo "✅ 应用部署完成!"
|
|
|
- echo "🌐 访问地址:https://${domain}"
|
|
|
- echo " 注意:请确保域名 ${domain} 已正确解析到 Ingress 控制器的外部 IP"
|
|
|
- else
|
|
|
- echo "✅ 应用部署完成!"
|
|
|
- echo "🌐 访问地址:"
|
|
|
- echo " HTTP: http://47.121.135.46:30085"
|
|
|
- echo " HTTPS: https://47.121.135.46:30085"
|
|
|
- echo " 注意:使用 NodePort 方式访问,端口为 30085"
|
|
|
- fi
|
|
|
+ echo "✅ 应用部署完成!"
|
|
|
+ echo "�� 访问地址:https://${env.DOMAIN}"
|
|
|
+ echo " 注意:请确保域名 ${env.DOMAIN} 已正确解析到集群"
|
|
|
"""
|
|
|
}
|
|
|
}
|
|
|
@@ -296,7 +211,6 @@ EOF
|
|
|
stage('🔍 部署验证') {
|
|
|
steps {
|
|
|
script {
|
|
|
- def domain = params.DOMAIN?.trim()
|
|
|
sh """
|
|
|
export KUBECONFIG=${KUBECONFIG_PATH}
|
|
|
|
|
|
@@ -306,19 +220,13 @@ EOF
|
|
|
kubectl get pods -n ${params.NAMESPACE} -l app=${PROJECT_NAME}
|
|
|
|
|
|
# 检查 Service 状态
|
|
|
- if [ -n "${domain}" ]; then
|
|
|
- kubectl get svc -n ${params.NAMESPACE} ${PROJECT_NAME}
|
|
|
- kubectl get ingress -n ${params.NAMESPACE} ${PROJECT_NAME}-ingress
|
|
|
- kubectl get secret -n ${params.NAMESPACE} ${params.TLS_SECRET}
|
|
|
- else
|
|
|
- kubectl get svc -n ${params.NAMESPACE} ${PROJECT_NAME}-nodeport
|
|
|
- fi
|
|
|
+ kubectl get svc -n ${params.NAMESPACE} ${PROJECT_NAME}
|
|
|
|
|
|
- # 检查 Ingress 控制器状态(如果配置了域名)
|
|
|
- if [ -n "${domain}" ]; then
|
|
|
- echo ">>> Ingress 控制器状态:"
|
|
|
- kubectl get svc ingress-nginx-controller -n ingress-nginx
|
|
|
- fi
|
|
|
+ # 检查 Ingress 状态
|
|
|
+ kubectl get ingress -n ${params.NAMESPACE} ${PROJECT_NAME}-ingress
|
|
|
+
|
|
|
+ # 检查 TLS Secret
|
|
|
+ kubectl get secret -n ${params.NAMESPACE} ${env.TLS_SECRET}
|
|
|
|
|
|
echo "✅ 部署验证完成"
|
|
|
"""
|
|
|
@@ -369,16 +277,7 @@ EOF
|
|
|
post {
|
|
|
success {
|
|
|
echo "✅ 构建 & 部署成功!"
|
|
|
- script {
|
|
|
- if (params.DOMAIN?.trim()) {
|
|
|
- echo "🌐 应用可通过 https://${params.DOMAIN} 访问"
|
|
|
- echo " 请确保域名已解析到 Ingress 控制器的外部 IP"
|
|
|
- } else {
|
|
|
- echo "🌐 应用可通过以下地址访问:"
|
|
|
- echo " HTTP: http://47.121.135.46:30085"
|
|
|
- echo " HTTPS: https://47.121.135.46:30085"
|
|
|
- }
|
|
|
- }
|
|
|
+ echo "🌐 应用可通过 https://${env.DOMAIN} 访问"
|
|
|
}
|
|
|
failure {
|
|
|
echo "❌ 构建或部署失败,请检查日志"
|
