pipeline { agent any parameters { choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境') string(name: 'NAMESPACE', defaultValue: 'portal-frontend', description: 'K8s 命名空间') string(name: 'DOMAIN', defaultValue: '', description: 'Ingress 域名(留空则不创建 Ingress)') } environment { PROJECT_NAME = 'portal-service-frontend' BUILD_DIR = 'dist' NODE_ENV = 'production' HARBOR_HOST = '8.130.28.21:81' KUBECONFIG_PATH = '/root/.kube/config' NODE1_IP = '172.27.73.147' NODE2_IP = '172.27.73.146' HARBOR_USER = 'admin' HARBOR_PASS = 'Hfln@1024' HARBOR_RETENTION_ID = '1' } stages { stage('🧬 初始化环境') { steps { script { env.HARBOR_PROJECT = params.env env.IMAGE_TAG = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}:${BUILD_NUMBER}" echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}" echo ">>> IMAGE_TAG = ${env.IMAGE_TAG}" } } } stage('📥 拉取代码') { steps { checkout scm echo "✅ 代码拉取成功" } } stage('🔧 构建 Docker 镜像') { steps { script { sh """ docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} docker build --build-arg ENV=${params.env} -t ${env.IMAGE_TAG} . """ echo "✅ 镜像构建成功:${env.IMAGE_TAG}" } } } stage('🚀 推送镜像到 Harbor') { steps { script { sh """ docker push ${env.IMAGE_TAG} docker rmi ${env.IMAGE_TAG} || true """ echo "✅ 镜像推送并本地清理完成" } } } stage('🔍 测试节点能否拉取镜像') { steps { script { echo ">>> 测试节点能否拉取镜像..." // 注意:确保 Jenkins 节点能免密 SSH 到这些节点,或将这一步改为跳过 sh """ ssh root@${env.NODE1_IP} docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG} || echo '[❌ 节点 ${env.NODE1_IP} 拉取失败]' ssh root@${env.NODE2_IP} docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG} || echo '[❌ 节点 ${env.NODE2_IP} 拉取失败]' """ } } } stage('📦 部署到 Kubernetes') { steps { script { def domain = params.DOMAIN?.trim() // 组装 ingress 块(如果 domain 非空) def ingressBlock = '' if (domain) { ingressBlock = """--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ${env.PROJECT_NAME} namespace: ${params.NAMESPACE} annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: tls: - hosts: - ${domain} secretName: portal-tls rules: - host: ${domain} http: paths: - path: / pathType: Prefix backend: service: name: ${env.PROJECT_NAME} port: number: 80 """ } // 生成完整 deploy.yaml 内容 def deployYaml = """apiVersion: apps/v1 kind: Deployment metadata: name: ${env.PROJECT_NAME} namespace: ${params.NAMESPACE} spec: replicas: 2 selector: matchLabels: app: ${env.PROJECT_NAME} template: metadata: labels: app: ${env.PROJECT_NAME} spec: containers: - name: ${env.PROJECT_NAME} image: ${env.IMAGE_TAG} ports: - containerPort: 80 env: - name: NODE_ENV value: "${params.env}" --- apiVersion: v1 kind: Service metadata: name: ${env.PROJECT_NAME} namespace: ${params.NAMESPACE} spec: type: NodePort selector: app: ${env.PROJECT_NAME} ports: - port: 80 targetPort: 80 nodePort: 30088 ${ingressBlock} """ writeFile file: 'deploy.yaml', text: deployYaml sh """ export KUBECONFIG=${env.KUBECONFIG_PATH} kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1 || kubectl create ns ${params.NAMESPACE} kubectl apply -f deploy.yaml kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]' """ if (domain) { echo ">>> ✅ 部署完成(含 Ingress),访问地址:https://${domain}/ (请确保 DNS 已指向 Ingress 公网 IP 且 secret portal-tls 已创建)" } else { echo ">>> ✅ 部署完成(NodePort),访问地址:http://${env.NODE1_IP}:30088/ 或 http://${env.NODE2_IP}:30088/" } } } } stage('🧹 清理本地旧镜像(保留最新3个)') { steps { script { def baseImage = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}" sh """ docker images ${baseImage} --format "{{.Repository}}:{{.Tag}}" \\ | grep -v latest \\ | sort -r -t ':' -k2 \\ | tail -n +4 \\ | xargs -r docker rmi || true """ echo "✅ 本地旧镜像清理完成" } } } stage('🧼 清理 dangling 镜像') { steps { script { sh """ docker images -f "dangling=true" -q | xargs -r docker rmi || true """ echo "✅ 悬空镜像()清理完成" } } } stage('🔁 触发 Harbor 镜像保留策略(可选)') { steps { script { sh """ curl -u ${env.HARBOR_USER}:${env.HARBOR_PASS} -X POST "http://${env.HARBOR_HOST}/api/v2.0/retentions/${env.HARBOR_RETENTION_ID}/executions" || echo '[retention trigger failed]' """ echo "✅ Harbor 镜像保留策略已触发(若配置)" } } } } post { success { echo "✅ 构建 & 部署成功 🎉" } failure { echo "❌ 构建或部署失败,请检查日志" } always { cleanWs() } } }