我在 Kubernetes 中运行我的 jenkins 以根据要求创建动态从属 pod。
每个文件都使用来自 jenkins 的一些凭据。
现在的问题是当我在 sh script:"" 中运行一些命令时,该凭据在 UI 的日志视图选项中可见。
如下图所示。
我的Jenkinsfile如下所示
podTemplate(
containers: [
containerTemplate(name: 'helm', alwaysPullImage: true, image: 'k8s-helm:v3.4.2', command: 'cat',
ttyEnabled: true)
],
imagePullSecrets: ['registry-credentials']) {
properties([parameters(
[string(name: 'dockerImageTag', description: 'Docker image tag to deploy'),
string(name: 'branchName', defaultValue: 'dev', description: 'Branch being deployed'),
string(name: 'targetBranch', defaultValue: 'dev', description: 'Target branch against which if a PR is being raised')])])
currentBuild.description = "branch ${params.branchName}"
node(POD_LABEL) {
container('helm') {
withCredentials([[$class : 'FileBinding',
credentialsId: 'sling-test-kubeconfig',
variable : 'KUBECONFIG'],
[$class : 'StringBinding',
credentialsId: 'sd-charts-github-api-token',
variable : 'API_TOKEN']]) {
stage('Add Helm repository') {
sh script: "helm repo add stable 'https://charts.helm.sh/stable'",
label: 'Add stable helm repo'
sh script: 'helm repo list', label: 'List available helm repos'
}
withCredentials([[$class : 'StringBinding',
credentialsId: 'test-env-postgres-password',
variable : 'POSTGRES_PASSWORD'],
[$class : 'StringBinding',
credentialsId: 'test-env-rabbitmq-password',
variable : 'RABBITMQ_PASSWORD']]) {
stage('Deploy') {
echo "Deploying docker release -> myhost.com/8023/sling/scheduler:${params.dockerImageTag}"
sh script: "scheduler charts/scheduler " +
"--set appConfig.postgres.password=${POSTGRES_PASSWORD}," +
"image.tag=${params.dockerImageTag}," +
"appConfig.rabbitmq.password=${RABBITMQ_PASSWORD}," +
"deployment.annotations.buildNumber=${currentBuild.number} " +
"--wait",
label: 'Install helm release'
}
}
}
}
}
}
该文件有一些凭据(即 RABBITMQ_PASSWORD、POSTGRES_PASSWORD 等......还有更多),我不想在 UI 日志上显示,基本上我不想显示位于
sh script: "scheduler charts/scheduler " +
"--set appConfig.postgres.password=${POSTGRES_PASSWORD}," +
"image.tag=${params.dockerImageTag}," +
"appConfig.rabbitmq.password=${RABBITMQ_PASSWORD}," +
"deployment.annotations.buildNumber=${currentBuild.number} " +
"--wait",
label: 'Install helm release'
我得到了一些参考,但这也不起作用。
有人可以帮我解决这个问题。