问题描述

我正在尝试使用Helm 3和jenkins部署k8s集群. Jenkins和k8s运行在不同的服务器上，我合并了kubeconfig文件，所有信息都放在一个配置文件./kube目录中.我想根据GIT_BRANCH值将我的应用程序部署到相关的环境和名称空间.以下脚本有两个问题.

I am trying to deploy k8s cluster using Helm 3 and jenkins. Jenkins and k8s running on different servers.I merged the kubeconfig files and I had all information in one config file ./kube directory. I would like to deploy my app to the related environment and namespace according to the GIT_BRANCH value. I have two question for below script.

1.我应该存储k8s集群凭证并在管道中使用的最佳方法是什么.我看到了一些插件，例如Kubernetes CLI，但是我不确定它是否可以满足我的要求.如果我使用此插件，则应该手动将k8s文件存储到Jenkins机器中，还是该插件已经可以通过上传配置文件来处理此问题.

1.What is the best way should I store k8s cluster credentials and will use in pipeline. I saw some plugins such as Kubernetes CLI but I can not be sure whether it will cover my requirement. If I use this plugin, should I store k8s file in to Jenkins machine manually or this plugin already handle this with uploading config file.

2.是否应该更改以下脚本中的任何内容以遵循最佳做法?

2.Should I change anything in below script to follow best practices?

         stage('Deploy to dev'){
         script{
             steps{
                 if(env.GIT_BRANCH.contains("dev")){

                        def namespace="dev"
                        def ENV="development"

                        withCredentials([file(credentialsId: ...)]) {
                        // change context with related namespace
                        sh "kubectl config set-context $(kubectl config current-context) --namespace=${namespace}"

                        //Deploy with Helm
                        echo "Deploying"
                        sh "helm upgrade --install road-dashboard -f values.${ENV}.yaml --set tag=$TAG --namespace ${namespace}"
                 }
             }
         }
     }

    stage('Deploy to Test'){
        script{
            steps{
                 if(env.GIT_BRANCH.contains("test")){

                        def namespace="test"
                        def ENV="test"

                        withCredentials([file(credentialsId: ...)]) {
                        // change context with related namespace
                        sh "kubectl config set-context $(kubectl config current-context) --namespace=${namespace}"


                        //Deploy with Helm
                        echo "Deploying"
                        sh "helm upgrade --install road-dashboard -f values.${ENV}.yaml --set tag=$TAG --namespace ${namespace}"
                    }
                }
            }
        }
    }

    stage ('Deploy to Production'){

        when {
            anyOf{
                environment name: 'DEPLOY_TO_PROD' , value: 'true'
            }
        }

        steps{
            script{
                DEPLOY_PROD = false
                def namespace = "production"

                withCredentials([file(credentialsId: 'kube-config', variable: 'kubecfg')]){
                    //Change context with related namespace
                    sh "kubectl config set-context $(kubectl config current-context) --namespace=${namespace}"

                    //Deploy with Helm
                    echo "Deploying to production"
                    sh "helm upgrade --install road-dashboard -f values.${ENV}.yaml --set tag=$TAG --namespace ${namespace}"
                }
            }
        }
    }

推荐答案

我从没有尝试过，但是从理论上讲，凭据变量可以用作环境变量.尝试使用KUBECONFIG作为变量名

I have never tried this, but in theory the credentials variable is available as environment variable. Try to use KUBECONFIG as a variable name

withCredentials([file(credentialsId: 'secret', variable: 'KUBECONFIG')]) {

  // change context with related namespace
  sh "kubectl config set-context $(kubectl config current-context) --namespace=${namespace}"

  //Deploy with Helm
  echo "Deploying"
  sh "helm upgrade --install road-dashboard -f values.${ENV}.yaml --set tag=$TAG --namespace ${namespace}"
}

这篇关于在Jenkins中存储Kubernetes集群凭证并在声明式管道中使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！