pipeline { agent any parameters { choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境') string(name: 'NAMESPACE', defaultValue: 'portal-frontends', description: 'K8s 命名空间') } environment { PROJECT_NAME = 'portal-service-frontend' BUILD_DIR = 'dist' NODE_ENV = 'production' HARBOR_HOST = '8.130.28.21:81' KUBECONFIG_PATH = '/root/.kube/config' NODE1_IP = '172.27.73.147' NODE2_IP = '172.27.73.146' HARBOR_USER = 'admin' HARBOR_PASS = 'Hfln@1024' HARBOR_RETENTION_ID = '1' DOMAIN = 'radar-power.asia' TLS_CERT_PATH = '/data/cert/radar-power.asia.pem' TLS_KEY_PATH = '/data/cert/radar-power.asia.key' TLS_SECRET_NAME = 'portal-tls' INGRESS_CLASS = 'nginx' // 新增 ingress class 环境变量 } stages { // ... 省略前面步骤不变 ... stage('📦 处理命名空间和 TLS Secret') { steps { script { sh """ export KUBECONFIG=${env.KUBECONFIG_PATH} # 判断命名空间是否存在,不存在则创建 if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..." kubectl create namespace ${params.NAMESPACE} else echo ">>> 命名空间 ${params.NAMESPACE} 已存在" fi # 判断 TLS Secret 是否存在,不存在则创建 if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..." kubectl create secret tls ${env.TLS_SECRET_NAME} \ --cert=${env.TLS_CERT_PATH} \ --key=${env.TLS_KEY_PATH} \ -n ${params.NAMESPACE} else echo ">>> TLS Secret ${env.TLS_SECRET_NAME} 已存在,跳过创建" fi """ } } } stage('📦 部署到 Kubernetes') { steps { script { def ingressBlock = """--- apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ${env.PROJECT_NAME} namespace: ${params.NAMESPACE} annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: ${env.INGRESS_CLASS} # 指定 ingressClassName tls: - hosts: - ${env.DOMAIN} secretName: ${env.TLS_SECRET_NAME} rules: - host: ${env.DOMAIN} http: paths: - path: / pathType: Prefix backend: service: name: ${env.PROJECT_NAME} port: number: 80 """ def deployYaml = """apiVersion: apps/v1 kind: Deployment metadata: name: ${env.PROJECT_NAME} namespace: ${params.NAMESPACE} spec: replicas: 2 selector: matchLabels: app: ${env.PROJECT_NAME} template: metadata: labels: app: ${env.PROJECT_NAME} spec: containers: - name: ${env.PROJECT_NAME} image: ${env.IMAGE_TAG} ports: - containerPort: 80 env: - name: NODE_ENV value: "${params.env}" --- apiVersion: v1 kind: Service metadata: name: ${env.PROJECT_NAME} namespace: ${params.NAMESPACE} spec: type: NodePort selector: app: ${env.PROJECT_NAME} ports: - port: 80 targetPort: 80 nodePort: 30088 ${ingressBlock} """ writeFile file: 'deploy.yaml', text: deployYaml sh """ export KUBECONFIG=${env.KUBECONFIG_PATH} kubectl apply -f deploy.yaml kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]' """ echo ">>> ✅ 部署完成(含 Ingress),访问地址:https://${env.DOMAIN}/ (请确保 DNS 已指向 Ingress 公网 IP 且 secret ${env.TLS_SECRET_NAME} 已创建)" } } } // ... 其余步骤不变 ... } post { success { echo "✅ 构建 & 部署成功 🎉" } failure { echo "❌ 构建或部署失败,请检查日志" } always { cleanWs() } } }