专栏云原生 DevOps难度入门标签JenkinsCI/CD流水线Pipeline自动化部署前言Jenkins 是国内用得最广的 CI/CD 工具。本文用一个完整的 Java 微服务项目演示从代码提交到生产部署的全流程。一、Jenkins 安装# Docker方式推荐环境隔离dockerrun-d\--namejenkins\-p8080:8080-p50000:50000\-vjenkins_home:/var/jenkins_home\-v/var/run/docker.sock:/var/run/docker.sock\jenkins/jenkins:lts-jdk17# 获取初始密码dockerexecjenkinscat/var/jenkins_home/secrets/initialAdminPassword二、Jenkinsfile 完整示例// Jenkinsfile存放在代码仓库根目录pipeline{agent any environment{APP_NAMEmyappIMAGE_REPOregistry.example.com/myappK8S_NSproductionGIT_CREDcredentials(git-credentials)}options{buildDiscarder(logRotator(numToKeepStr:10))timeout(time:30,unit:MINUTES)disableConcurrentBuilds()}triggers{// 监听GitHub webhookpush时自动触发githubPush()}stages{stage(Checkout){steps{checkout scm script{env.GIT_COMMIT_SHORTsh(script:git rev-parse --short HEAD,returnStdout:true).trim()env.IMAGE_TAG${env.BUILD_NUMBER}-${env.GIT_COMMIT_SHORT}}}}stage(Build){steps{shmvn clean package -DskipTests -q}}stage(Unit Test){steps{shmvn test}post{always{// 发布测试报告junittarget/surefire-reports/**/*.xml}}}stage(Docker Build Push){steps{script{withCredentials([usernamePassword(credentialsId:registry-credentials,usernameVariable:REGISTRY_USER,passwordVariable:REGISTRY_PASS)]){sh docker login -u${REGISTRY_USER}-p${REGISTRY_PASS}registry.example.com docker build -t${IMAGE_REPO}:${IMAGE_TAG}. docker push${IMAGE_REPO}:${IMAGE_TAG}docker rmi${IMAGE_REPO}:${IMAGE_TAG}}}}}stage(Deploy to Staging){steps{sh kubectl set image deployment/${APP_NAME}\${APP_NAME}${IMAGE_REPO}:${IMAGE_TAG}\ -n staging kubectl rollout status deployment/${APP_NAME}-n staging --timeout300s }}stage(Smoke Test){steps{shsleep 10shcurl -f http://staging.example.com/health || exit 1}}stage(Deploy to Production){when{branchmain}input{message确认发布到生产环境?ok确认发布}steps{sh kubectl set image deployment/${APP_NAME}\${APP_NAME}${IMAGE_REPO}:${IMAGE_TAG}\ -n production kubectl rollout status deployment/${APP_NAME}-n production --timeout300s }}}post{success{// 企业微信通知sh curl -X POST https://qyapi.weixin.qq.com/cgi-bin/webhook/send?keyYOUR_KEY \ -H Content-Type: application/json \ -d {msgtype:markdown,markdown:{content:## 构建成功\\n**项目:**${APP_NAME}\\n**版本:**${IMAGE_TAG}\\n**分支:**${env.BRANCH_NAME}}} }failure{sh curl -X POST https://qyapi.weixin.qq.com/cgi-bin/webhook/send?keyYOUR_KEY \ -H Content-Type: application/json \ -d {msgtype:markdown,markdown:{content:## 构建失败 \\n**项目:**${APP_NAME}\\n**阶段:**${env.STAGE_NAME}\\n**详情:**${env.BUILD_URL}}} }always{cleanWs()}}}三、常见问题解决# Jenkins容器内运行docker命令无权限dockerexec-uroot jenkinschmod666/var/run/docker.sock# Kubectl在Jenkins中使用挂载kubeconfigdockerrun-v~/.kube:/root/.kube jenkins/jenkins:lts# 流水线中获取环境变量shprintenv | sort结语Jenkins的核心价值在于把所有重复的手工操作自动化。一个好的Jenkinsfile就是一份可执行的发布手册。