pipeline { agent any environment { REGISTRY = "myharbor.local:80" HARBOR_IP = "192.168.108.101" // Your Master Node IP APP_NAME = "ecommerce-app" IMAGE_NAME = "ecommerce-backend" IMAGE_TAG = "${REGISTRY}/library/${IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_NUMBER}" NAMESPACE = "ecommerce" CONTAINERD_ADDR = "/run/containerd-pod/containerd.sock" } stages { stage('Network Setup') { steps { // Manually inject the host entry for this build session sh "echo '${HARBOR_IP} myharbor.local' | sudo tee -a /etc/hosts" } } stage('Build Image') { steps { script { // Start buildkitd if it died during pod rotation sh "mkdir -p /run/buildkit && sudo chmod 777 /run/buildkit" sh "nohup buildkitd --addr unix:///run/buildkit/buildkitd.sock > /tmp/buildkitd.log 2>&1 &" sleep 10 sh "nerdctl --address ${CONTAINERD_ADDR} build --insecure-registry -t ${IMAGE_TAG} ." } } } stage('Push to Harbor') { steps { script { withCredentials([usernamePassword(credentialsId: 'harbor-creds', passwordVariable: 'PASS', usernameVariable: 'USER')]) { // Using --password-stdin to remove the "insecure" warning sh "echo '${PASS}' | nerdctl --address ${CONTAINERD_ADDR} login ${REGISTRY} -u ${USER} --password-stdin --insecure-registry" sh "nerdctl --address ${CONTAINERD_ADDR} push ${IMAGE_TAG} --insecure-registry" } } } } stage('Deploy') { steps { script { withCredentials([file(credentialsId: 'k8s-config', variable: 'KUBECONFIG')]) { sh "kubectl --kubeconfig=${KUBECONFIG} patch deployment ${APP_NAME} -n ${NAMESPACE} --patch '{\"spec\": {\"template\": {\"spec\": {\"containers\": [{\"name\": \"${APP_NAME}\", \"image\": \"${IMAGE_TAG}\", \"imagePullPolicy\": \"Never\"}]}}}}'" } } } } } }