Jenkins 环境准备和配置
1、 安装必要插件
首先在 Jenkins 中安装以下必需插件:
系统管理 → 插件管理 → 可选插件
Kubernetes Plugin (版本 1.31.3+)
Docker Pipeline Plugin (版本 1.28+)
Helm Plugin (版本 1.0.0+)
Git Plugin (版本 4.11.3+)
Pipeline Plugin (版本 2.6+)
Blue Ocean Plugin (可选,用于可视化)
Config File Provider Plugin (用于管理配置文件)
2 、配置 Kubernetes Cloud
系统管理 → 节点管理 → Configure Clouds
# Kubernetes 云配置
名称: kubernetes
Kubernetes 地址: https://kubernetes.default.svc
Kubernetes 命名空间: jenkins
凭据: 添加 kubeconfig 文件或 Service Account
Jenkins 地址: http://jenkins.jenkins.svc.cluster.local:80803、 配置凭据
凭据 → 系统 → 全局凭据 → 添加凭据
Docker Registry 凭据
类型: Username with password
用户名: your-docker-username
密码: your-docker-password
ID: docker-registry-creds
Git 凭据
类型: SSH Username with private key
用户名: git
私钥: 粘贴 SSH 私钥
ID: git-ssh-key
Kubernetes 配置
类型: Secret file
文件: 上传 kubeconfig 文件
ID: kubeconfig-file4 完整 的JenkinsFile
#!/usr/bin/env groovy
// 定义全局参数
properties([
parameters([
choice(
choices: ['dev', 'staging', 'production'],
description: '选择部署环境',
name: 'DEPLOY_ENV'
),
string(
defaultValue: '',
description: 'Docker 镜像标签 (留空使用 BUILD_NUMBER)',
name: 'CUSTOM_TAG'
),
booleanParam(
defaultValue: false,
description: '是否跳过测试',
name: 'SKIP_TESTS'
)
]),
buildDiscarder(logRotator(numToKeepStr: '20')),
pipelineTriggers([
pollSCM('H/5 * * * *')
])
])
// 环境配置映射
def loadEnvironmentConfig() {
def configs = [
dev: [
namespace: 'development',
replicas: 1,
ingressHost: 'dev.myapp.com',
cpuRequest: '100m',
memoryRequest: '128Mi',
cpuLimit: '200m',
memoryLimit: '256Mi',
helmTimeout: '5m',
autoApproval: true
],
staging: [
namespace: 'staging',
replicas: 2,
ingressHost: 'staging.myapp.com',
cpuRequest: '200m',
memoryRequest: '256Mi',
cpuLimit: '500m',
memoryLimit: '512Mi',
helmTimeout: '10m',
autoApproval: false
],
production: [
namespace: 'production',
replicas: 3,
ingressHost: 'myapp.com',
cpuRequest: '500m',
memoryRequest: '512Mi',
cpuLimit: '1000m',
memoryLimit: '1Gi',
helmTimeout: '15m',
autoApproval: false
]
]
return configs[params.DEPLOY_ENV]
}
pipeline {
agent {
kubernetes {
label "helm-cicd-${env.BUILD_NUMBER}"
yaml """
apiVersion: v1
kind: Pod
metadata:
labels:
app: jenkins-agent
spec:
serviceAccount: jenkins-agent
containers:
- name: helm
image: alpine/helm:3.12.0
command: ['cat']
tty: true
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
- name: kubectl
image: bitnami/kubectl:1.27
command: ['cat']
tty: true
env:
- name: KUBECONFIG
value: /home/jenkins/.kube/config
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
- name: docker
image: docker:20.10-dind
command: ['cat']
tty: true
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "500m"
securityContext:
privileged: true
- name: node
image: node:18-alpine
command: ['cat']
tty: true
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "500m"
volumes:
- name: docker-sock
emptyDir: {}
"""
}
}
environment {
// 基础配置
REGISTRY = "registry.mycompany.com"
PROJECT = "myproject"
APP_NAME = "myapp"
HELM_CHART_PATH = "kubernetes/charts/myapp"
DOCKERFILE_PATH = "."
// 从凭据中获取
DOCKER_CREDS = credentials('docker-registry-creds')
GIT_SSH_KEY = credentials('git-ssh-key')
// 动态设置
IMAGE_TAG = "${params.CUSTOM_TAG ?: env.BUILD_NUMBER}"
FULL_IMAGE_NAME = "${REGISTRY}/${PROJECT}/${APP_NAME}:${IMAGE_TAG}"
}
stages {
// 阶段 1: 代码检出
stage('Checkout Code') {
steps {
timestamps {
echo "开始检出代码,环境: ${params.DEPLOY_ENV}"
git branch: 'main',
credentialsId: 'git-ssh-key',
url: 'git@github.com:myorg/myrepo.git'
sh 'git log -1 --oneline'
sh 'ls -la'
}
}
}
// 阶段 2: 代码质量检查
stage('Code Quality') {
steps {
container('node') {
timestamps {
echo "运行代码质量检查"
sh """
npm install
npm run lint
npm run test:unit
"""
}
}
}
}
// 阶段 3: Helm Chart 验证
stage('Validate Helm Chart') {
steps {
container('helm') {
timestamps {
echo "验证 Helm Chart"
script {
// 更新依赖
sh """
helm dependency update ${HELM_CHART_PATH}
helm dependency build ${HELM_CHART_PATH}
"""
// Chart 语法检查
sh "helm lint ${HELM_CHART_PATH} --strict"
// 模板渲染测试
sh """
helm template ${APP_NAME} ${HELM_CHART_PATH} \
--namespace default \
--set image.repository=${REGISTRY}/${PROJECT}/${APP_NAME} \
--set image.tag=${IMAGE_TAG} \
--debug
"""
// 验证 values 文件
if (fileExists("${HELM_CHART_PATH}/values-${params.DEPLOY_ENV}.yaml")) {
sh """
helm template ${APP_NAME} ${HELM_CHART_PATH} \
-f ${HELM_CHART_PATH}/values-${params.DEPLOY_ENV}.yaml \
--debug
"""
}
}
}
}
}
}
// 阶段 4: 构建 Docker 镜像
stage('Build and Push Docker Image') {
steps {
container('docker') {
timestamps {
echo "构建和推送 Docker 镜像"
script {
// 登录 Docker Registry
sh """
docker login -u ${DOCKER_CREDS_USR} -p ${DOCKER_CREDS_PSW} ${REGISTRY}
"""
// 构建镜像
sh """
docker build \
-t ${FULL_IMAGE_NAME} \
-t ${REGISTRY}/${PROJECT}/${APP_NAME}:latest \
-f ${DOCKERFILE_PATH}/Dockerfile \
${DOCKERFILE_PATH}
"""
// 推送镜像
sh """
docker push ${FULL_IMAGE_NAME}
docker push ${REGISTRY}/${PROJECT}/${APP_NAME}:latest
"""
// 清理本地镜像
sh """
docker rmi ${FULL_IMAGE_NAME} || true
docker rmi ${REGISTRY}/${PROJECT}/${APP_NAME}:latest || true
"""
}
}
}
}
}
// 阶段 5: 部署到开发环境
stage('Deploy to Development') {
when {
expression { params.DEPLOY_ENV == 'dev' }
}
steps {
container('helm') {
timestamps {
echo "部署到开发环境"
script {
def config = loadEnvironmentConfig()
sh """
helm upgrade --install ${APP_NAME} ${HELM_CHART_PATH} \
--namespace ${config.namespace} \
--set image.repository=${REGISTRY}/${PROJECT}/${APP_NAME} \
--set image.tag=${IMAGE_TAG} \
--set replicaCount=${config.replicas} \
--set resources.requests.cpu=${config.cpuRequest} \
--set resources.requests.memory=${config.memoryRequest} \
--set resources.limits.cpu=${config.cpuLimit} \
--set resources.limits.memory=${config.memoryLimit} \
--set ingress.hosts[0].host=${config.ingressHost} \
--wait \
--timeout ${config.helmTimeout} \
--atomic
"""
}
}
}
}
}
// 阶段 6: 集成测试
stage('Integration Tests') {
when {
expression { params.DEPLOY_ENV in ['dev', 'staging'] && !params.SKIP_TESTS }
}
steps {
container('node') {
timestamps {
echo "运行集成测试"
script {
def config = loadEnvironmentConfig()
// 等待应用就绪
container('kubectl') {
sh """
kubectl wait --for=condition=ready pod -l app=${APP_NAME} \
-n ${config.namespace} \
--timeout=300s
"""
}
// 运行测试
sh """
npm run test:integration \
--baseUrl=http://${APP_NAME}.${config.namespace}.svc.cluster.local
"""
}
}
}
}
}
// 阶段 7: 人工审批 (预生产和生产环境)
stage('Manual Approval') {
when {
expression {
params.DEPLOY_ENV in ['staging', 'production'] &&
!loadEnvironmentConfig().autoApproval
}
}
steps {
timestamps {
script {
def config = loadEnvironmentConfig()
def approvers = params.DEPLOY_ENV == 'production' ?
'production-team' : 'qa-team'
input(
message: "确认部署到 ${params.DEPLOY_ENV} 环境?",
ok: "确认部署",
submitterParameter: 'APPROVER',
submitter: approvers
)
echo "部署已由 ${env.APPROVER} 批准"
}
}
}
}
// 阶段 8: 部署到预生产/生产环境
stage('Deploy to Staging/Production') {
when {
expression { params.DEPLOY_ENV in ['staging', 'production'] }
}
steps {
container('helm') {
timestamps {
echo "部署到 ${params.DEPLOY_ENV} 环境"
script {
def config = loadEnvironmentConfig()
// 使用 values 文件进行部署
def valuesFiles = ""
if (fileExists("${HELM_CHART_PATH}/values-${params.DEPLOY_ENV}.yaml")) {
valuesFiles = "-f ${HELM_CHART_PATH}/values-${params.DEPLOY_ENV}.yaml"
}
sh """
helm upgrade --install ${APP_NAME} ${HELM_CHART_PATH} \
--namespace ${config.namespace} \
--set image.repository=${REGISTRY}/${PROJECT}/${APP_NAME} \
--set image.tag=${IMAGE_TAG} \
--set replicaCount=${config.replicas} \
--set resources.requests.cpu=${config.cpuRequest} \
--set resources.requests.memory=${config.memoryRequest} \
--set resources.limits.cpu=${config.cpuLimit} \
--set resources.limits.memory=${config.memoryLimit} \
--set ingress.hosts[0].host=${config.ingressHost} \
${valuesFiles} \
--wait \
--timeout ${config.helmTimeout} \
--atomic \
--create-namespace
"""
}
}
}
}
}
// 阶段 9: 健康检查
stage('Health Check') {
steps {
container('kubectl') {
timestamps {
echo "执行健康检查"
script {
def config = loadEnvironmentConfig()
// 检查 Pod 状态
sh """
kubectl get pods -n ${config.namespace} -l app=${APP_NAME}
kubectl wait --for=condition=ready pod -l app=${APP_NAME} \
-n ${config.namespace} \
--timeout=600s
"""
// 检查服务端点
sh """
kubectl get svc -n ${config.namespace} ${APP_NAME}
kubectl get ingress -n ${config.namespace} ${APP_NAME}
"""
// 简单的应用健康检查
sh """
curl -f http://${APP_NAME}.${config.namespace}.svc.cluster.local/health || \
curl -f https://${config.ingressHost}/health || \
echo "Health check endpoint might be different"
"""
}
}
}
}
}
}
post {
always {
timestamps {
echo "Pipeline 执行完成 - ${currentBuild.result}"
// 收集部署信息
container('kubectl') {
script {
if (params.DEPLOY_ENV) {
def config = loadEnvironmentConfig()
sh """
echo "=== 部署状态 ==="
kubectl get deployments -n ${config.namespace} ${APP_NAME} -o wide
echo ""
echo "=== Pod 状态 ==="
kubectl get pods -n ${config.namespace} -l app=${APP_NAME}
echo ""
echo "=== 服务状态 ==="
kubectl get svc -n ${config.namespace} -l app=${APP_NAME}
"""
}
}
}
// 清理工作空间
cleanWs()
}
}
success {
script {
def config = loadEnvironmentConfig()
emailext (
subject: "SUCCESS: 部署 ${APP_NAME} 到 ${params.DEPLOY_ENV}",
body: """
<h2>部署成功!</h2>
<p><strong>应用:</strong> ${APP_NAME}</p>
<p><strong>环境:</strong> ${params.DEPLOY_ENV}</p>
<p><strong>镜像:</strong> ${FULL_IMAGE_NAME}</p>
<p><strong>构建:</strong> ${env.BUILD_URL}</p>
<p><strong>访问地址:</strong> https://${config.ingressHost}</p>
""",
to: 'team@mycompany.com'
)
}
}
failure {
script {
emailext (
subject: "FAILED: 部署 ${APP_NAME} 到 ${params.DEPLOY_ENV}",
body: """
<h2>部署失败!</h2>
<p><strong>应用:</strong> ${APP_NAME}</p>
<p><strong>环境:</strong> ${params.DEPLOY_ENV}</p>
<p><strong>构建:</strong> ${env.BUILD_URL}</p>
<p>请检查 Jenkins 日志获取详细信息。</p>
""",
to: 'devops@mycompany.com'
)
}
}
unstable {
echo "Pipeline 标记为不稳定"
}
}
options {
timeout(time: 30, unit: 'MINUTES')
retry(2)
timestamps()
}
}5、配套的 Helm Chart 结构
kubernetes/charts/myapp/
├── Chart.yaml
├── values.yaml
├── values-dev.yaml
├── values-staging.yaml
├── values-production.yaml
├── charts/
├── templates/
│ ├── deployment.yaml
│ ├── service.yaml
│ ├── ingress.yaml
│ ├── configmap.yaml
│ ├── secrets.yaml
│ └── hpa.yaml
└── .helmignore6、values.yaml
# 默认配置
replicaCount: 1
image:
repository: ""
tag: "latest"
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
targetPort: 8080
ingress:
enabled: true
className: "nginx"
hosts:
- host: "chart-example.local"
paths:
- path: /
pathType: Prefix
tls: []
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
env:
- name: ENVIRONMENT
value: "development"7、蓝绿发布
stage('Blue-Green Deployment') {
steps {
script {
def currentDeployment = sh(
script: "helm get values ${APP_NAME} -n ${KUBE_NAMESPACE} -o json | jq -r '.color' 2>/dev/null || echo 'blue'",
returnStdout: true
).trim()
def newColor = currentDeployment == 'blue' ? 'green' : 'blue'
// 部署新版本
container('helm') {
sh """
helm upgrade --install ${APP_NAME}-${newColor} ${HELM_CHART_PATH} \
--namespace ${KUBE_NAMESPACE} \
--set image.tag=${env.BUILD_NUMBER} \
--set image.repository=${REGISTRY}/${PROJECT}/${APP_NAME} \
--set color=${newColor} \
--set service.color=${newColor} \
--wait --timeout 300s
"""
}
// 切换流量
sh """
kubectl patch svc ${APP_NAME} -n ${KUBE_NAMESPACE} \
-p '{"spec":{"selector":{"color":"${newColor}"}}}'
"""
// 清理旧版本
sh "helm uninstall ${APP_NAME}-${currentDeployment} -n ${KUBE_NAMESPACE} || true"
}
}
}
