| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242 |
- pipeline {
- agent any
- parameters {
- choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境')
- string(name: 'NAMESPACE', defaultValue: 'portal-frontends', description: 'K8s 命名空间')
- }
- environment {
- PROJECT_NAME = 'portal-service-frontend' // 服务名称,保持和 Deployment、Service 一致
- NODE_ENV = 'production'
- HARBOR_HOST = '8.130.28.21:81'
- KUBECONFIG_PATH = '/root/.kube/config'
- NODE1_IP = '172.27.73.147'
- NODE2_IP = '172.27.73.146'
- HARBOR_USER = 'admin'
- HARBOR_PASS = 'Hfln@1024'
- HARBOR_RETENTION_ID = '1'
- DOMAIN = 'radar-power.asia'
- TLS_CERT_PATH = '/data/cert/radar-power.asia.pem'
- TLS_KEY_PATH = '/data/cert/radar-power.asia.key'
- TLS_SECRET_NAME = 'portal-tls'
- INGRESS_CLASS = 'nginx' // ingress controller 的 ingressClass 名称
- }
- stages {
- stage('🧬 初始化环境') {
- steps {
- script {
- env.HARBOR_PROJECT = params.env
- env.IMAGE_TAG = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}:${BUILD_NUMBER}"
- echo ">>> 环境:${params.env}, Harbor项目:${env.HARBOR_PROJECT}, K8s命名空间:${params.NAMESPACE}"
- echo ">>> IMAGE_TAG = ${env.IMAGE_TAG}"
- }
- }
- }
- stage('📥 拉取代码') {
- steps {
- checkout scm
- echo "✅ 代码拉取成功"
- }
- }
- stage('🔧 构建 Docker 镜像') {
- steps {
- script {
- sh """
- docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST}
- docker build --build-arg ENV=${params.env} -t ${env.IMAGE_TAG} .
- """
- echo "✅ 镜像构建成功:${env.IMAGE_TAG}"
- }
- }
- }
- stage('🚀 推送镜像到 Harbor') {
- steps {
- script {
- sh """
- docker push ${env.IMAGE_TAG}
- docker rmi ${env.IMAGE_TAG} || true
- """
- echo "✅ 镜像推送并本地清理完成"
- }
- }
- }
- stage('🔍 测试节点能否拉取镜像') {
- steps {
- script {
- echo ">>> 测试节点能否拉取镜像..."
- sh """
- ssh root@${env.NODE1_IP} "docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG}" || echo '[❌ 节点 ${env.NODE1_IP} 拉取失败]'
- ssh root@${env.NODE2_IP} "docker login -u ${env.HARBOR_USER} -p ${env.HARBOR_PASS} ${env.HARBOR_HOST} && docker pull ${env.IMAGE_TAG}" || echo '[❌ 节点 ${env.NODE2_IP} 拉取失败]'
- """
- }
- }
- }
- stage('📦 处理命名空间和 TLS Secret') {
- steps {
- script {
- sh """
- export KUBECONFIG=${env.KUBECONFIG_PATH}
- if ! kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1; then
- echo ">>> 命名空间 ${params.NAMESPACE} 不存在,正在创建..."
- kubectl create namespace ${params.NAMESPACE}
- else
- echo ">>> 命名空间 ${params.NAMESPACE} 已存在"
- fi
- if ! kubectl get secret ${env.TLS_SECRET_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
- echo ">>> 未检测到 TLS Secret ${env.TLS_SECRET_NAME},正在创建..."
- kubectl create secret tls ${env.TLS_SECRET_NAME} \
- --cert=${env.TLS_CERT_PATH} \
- --key=${env.TLS_KEY_PATH} \
- -n ${params.NAMESPACE}
- else
- echo ">>> TLS Secret ${env.TLS_SECRET_NAME} 已存在,跳过创建"
- fi
- """
- }
- }
- }
- stage('📦 部署到 Kubernetes') {
- steps {
- script {
- // 注意 Deployment metadata.name 与 Service metadata.name 保持一致
- // Deployment labels 与 Service selector 保持完全一致,确保服务能找到对应 Pod
- def deployYaml = """
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: ${env.PROJECT_NAME}
- namespace: ${params.NAMESPACE}
- spec:
- replicas: 2
- selector:
- matchLabels:
- app: ${env.PROJECT_NAME}
- template:
- metadata:
- labels:
- app: ${env.PROJECT_NAME}
- spec:
- containers:
- - name: ${env.PROJECT_NAME}
- image: ${env.IMAGE_TAG}
- ports:
- - containerPort: 80
- env:
- - name: NODE_ENV
- value: "${params.env}"
- ---
- apiVersion: v1
- kind: Service
- metadata:
- name: ${env.PROJECT_NAME}
- namespace: ${params.NAMESPACE}
- spec:
- type: ClusterIP
- selector:
- app: ${env.PROJECT_NAME}
- ports:
- - port: 80
- targetPort: 80
- ---
- apiVersion: networking.k8s.io/v1
- kind: Ingress
- metadata:
- name: ${env.PROJECT_NAME}
- namespace: ${params.NAMESPACE}
- annotations:
- nginx.ingress.kubernetes.io/rewrite-target: /
- spec:
- ingressClassName: ${env.INGRESS_CLASS}
- tls:
- - hosts:
- - ${env.DOMAIN}
- secretName: ${env.TLS_SECRET_NAME}
- rules:
- - host: ${env.DOMAIN}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: ${env.PROJECT_NAME}
- port:
- number: 80
- """
- writeFile file: 'deploy.yaml', text: deployYaml
- sh """
- export KUBECONFIG=${env.KUBECONFIG_PATH}
- kubectl apply -f deploy.yaml
- kubectl rollout status deployment/${env.PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s || echo '[rollout timeout or incomplete]'
- """
- echo ">>> ✅ 部署完成,访问地址:https://${env.DOMAIN}/ (请确保 DNS 指向 Ingress 公网 IP 且 secret ${env.TLS_SECRET_NAME} 已创建)"
- }
- }
- }
- stage('🧹 清理本地旧镜像(保留最新3个)') {
- steps {
- script {
- def baseImage = "${env.HARBOR_HOST}/${env.HARBOR_PROJECT}/${env.PROJECT_NAME}"
- sh """
- docker images ${baseImage} --format "{{.Repository}}:{{.Tag}}" \\
- | grep -v latest \\
- | sort -r -t ':' -k2 \\
- | tail -n +4 \\
- | xargs -r docker rmi || true
- """
- echo "✅ 本地旧镜像清理完成"
- }
- }
- }
- stage('🧼 清理 dangling 镜像') {
- steps {
- script {
- sh """
- docker images -f "dangling=true" -q | xargs -r docker rmi || true
- """
- echo "✅ 悬空镜像(<none>)清理完成"
- }
- }
- }
- stage('🔁 触发 Harbor 镜像保留策略(可选)') {
- steps {
- script {
- sh """
- curl -u ${env.HARBOR_USER}:${env.HARBOR_PASS} -X POST "http://${env.HARBOR_HOST}/api/v2.0/retentions/${env.HARBOR_RETENTION_ID}/executions" || echo '[retention trigger failed]'
- """
- echo "✅ Harbor 镜像保留策略已触发(若配置)"
- }
- }
- }
- }
- post {
- success {
- echo "✅ 构建 & 部署成功 🎉"
- }
- failure {
- echo "❌ 构建或部署失败,请检查日志"
- }
- always {
- cleanWs()
- }
- }
- }
|
