| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156 |
- pipeline {
- agent any
- parameters {
- choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境')
- string(name: 'NAMESPACE', defaultValue: 'portal-frontends', description: 'K8s 命名空间')
- }
- environment {
- PROJECT_NAME = 'portal-service-frontend'
- BUILD_DIR = 'dist'
- NODE_ENV = 'production'
- HARBOR_HOST = '8.130.28.21:81'
- KUBECONFIG_PATH = '/root/.kube/config'
- NODE1_IP = '172.27.73.147'
- NODE2_IP = '172.27.73.146'
- HARBOR_USER = 'admin'
- HARBOR_PASS = 'Hfln@1024'
- HARBOR_RETENTION_ID = '1'
- DOMAIN = 'radar-power.asia'
- TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
- TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
- TLS_SECRET_NAME = 'portal-tls'
- INGRESS_CLASS = 'nginx' // 新增 ingress class 环境变量
- }
- stages {
- // ... 省略前面步骤不变 ...
- stage('📦 处理命名空间和 TLS Secret') {
- steps {
- script {
- sh """
- export KUBECONFIG=${env.KUBECONFIG_PATH}
- # 判断命名空间是否存在,不存在则创建
- if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then
- echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..."
- kubectl create namespace ${params.NAMESPACE}
- else
- echo ">>> 命名空间 ${params.NAMESPACE} 已存在"
- fi
- # 判断 TLS Secret 是否存在,不存在则创建
- if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
- echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..."
- kubectl create secret tls ${env.TLS_SECRET_NAME} \
- --cert=${env.TLS_CERT_PATH} \
- --key=${env.TLS_KEY_PATH} \
- -n ${params.NAMESPACE}
- else
- echo ">>> TLS Secret ${env.TLS_SECRET_NAME} 已存在,跳过创建"
- fi
- """
- }
- }
- }
- stage('📦 部署到 Kubernetes') {
- steps {
- script {
- def ingressBlock = """---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: ${env.PROJECT_NAME}
- namespace: ${params.NAMESPACE}
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- spec:
- ingressClassName: ${env.INGRESS_CLASS} # 指定 ingressClassName
- tls:
- - hosts:
- - ${env.DOMAIN}
- secretName: ${env.TLS_SECRET_NAME}
- rules:
- - host: ${env.DOMAIN}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: ${env.PROJECT_NAME}
- port:
- number: 80
- """
- def deployYaml = """apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: ${env.PROJECT_NAME}
- namespace: ${params.NAMESPACE}
- spec:
- replicas: 2
- selector:
- matchLabels:
- app: ${env.PROJECT_NAME}
- template:
- metadata:
- labels:
- app: ${env.PROJECT_NAME}
- spec:
- containers:
- - name: ${env.PROJECT_NAME}
- image: ${env.IMAGE_TAG}
- ports:
- - containerPort: 80
- env:
- - name: NODE_ENV
- value: "${params.env}"
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: ${env.PROJECT_NAME}
- namespace: ${params.NAMESPACE}
- spec:
- type: NodePort
- selector:
- app: ${env.PROJECT_NAME}
- ports:
- - port: 80
- targetPort: 80
- nodePort: 30088
- ${ingressBlock}
- """
- writeFile file: 'deploy.yaml', text: deployYaml
- sh """
- export KUBECONFIG=${env.KUBECONFIG_PATH}
- kubectl apply -f deploy.yaml
- kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]'
- """
- echo ">>> ✅ 部署完成(含 Ingress),访问地址:https://${env.DOMAIN}/ (请确保 DNS 已指向 Ingress 公网 IP 且 secret ${env.TLS_SECRET_NAME} 已创建)"
- }
- }
- }
- // ... 其余步骤不变 ...
- }
- post {
- success {
- echo "✅ 构建 & 部署成功 🎉"
- }
- failure {
- echo "❌ 构建或部署失败,请检查日志"
- }
- always {
- cleanWs()
- }
- }
- }
|
