增加打包镜像和chart包

Dockerfile

+FROM harbor.k2software.com.cn/library/openweb/oracle-tomcat:8.5-jre8
+
+ENV SPRING_OUTPUT_ANSI_ENABLED=ALWAYS \
+    JHIPSTER_SLEEP=0
+
+# add directly the war
+ADD *.war /usr/local/tomcat/webapps/ROOT.war
+CMD echo "The application will start in ${JHIPSTER_SLEEP}s..." && \
+    /usr/local/tomcat/bin/startup.sh && tail -f /usr/local/tomcat/logs/catalina.out

charts/.helmignore

+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

charts/Chart.yaml

+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Java Oidc Example
+name: oidc-example
+version: 1.0

charts/templates/NOTES.txt

+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "setup.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get svc -w {{ template "setup.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "setup.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "setup.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}

charts/templates/_helpers.tpl

+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "setup.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "setup.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "setup.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/templates/deployment.yaml

+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "setup.fullname" . }}
+  labels:
+    app: {{ template "setup.name" . }}
+    chart: {{ template "setup.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ template "setup.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ template "setup.name" . }}
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - name: {{ .Release.Name }}
+          image: "{{ .Values.global.hub }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command: ["/bin/sh", "-c", "sh venv_install.sh"]
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+          - name: docker-sock-file
+            mountPath: /var/run/docker.sock # docker sock文件
+          - name: localtime
+            mountPath: /etc/localtime
+          resources:
+{{ toYaml .Values.resources | indent 12 }}
+      volumes:
+      - name: docker-sock-file
+        hostPath:
+          path: {{ .Values.volumes.hostPath.path }}
+      - name: localtime
+        hostPath:
+          path: /etc/localtime
+  {{- end }}
+{{- with .Values.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
\ No newline at end of file

charts/templates/ingress.yaml

+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "setup.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    app: {{ template "setup.name" . }}
+    chart: {{ template "setup.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+{{- if .Values.ingress.tls }}
+  tls:
+  {{- range .Values.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . }}
+      {{- end }}
+      secretName: {{ .secretName }}
+  {{- end }}
+{{- end }}
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: http
+  {{- end }}
+{{- end }}

charts/templates/service.yaml

+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "setup.fullname" . }}
+  labels:
+    app: {{ template "setup.name" . }}
+    chart: {{ template "setup.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      nodePort: {{ .Values.service.nodePort }}
+      protocol: TCP
+      name: http
+  selector:
+    app: {{ template "setup.name" . }}
+    release: {{ .Release.Name }}

charts/values-dev.yaml

+replicaCount: 1
+global:
+  hub: harbor.dev.k2paas.com/paas-dev
+image:
+  repository: oidc-example
+  tag: dev
+  pullPolicy: IfNotPresent
+
+nameOverride: "oidc-example"
+fullnameOverride: "oidc-example"
+
+service:
+  type: NodePort
+  port: 80
+  nodePort: 8080
+
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "100m"
+    nginx.ingress.kubernetes.io/client-body-buffer-size: "10m"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "120"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "120"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "120"
+    #nginx.ingress.kubernetes.io/proxy-buffering: "on"
+    #nginx.ingress.kubernetes.io/proxy-buffer-size: "10m"
+    nginx.ingress.kubernetes.io/enable-cors: "true"
+    nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, OPTIONS"
+    nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+    nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,X-LANG,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Api-Key,X-Device-Id,Authorization,Access-Control-Allow-Origin,pageSize,pageIndex,content-type,pageindex,pagesize"
+    #kubernetes.io/ingress.class: nginx
+    #kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - exmaple.dev.k2paas.com
+  tls: []
+
+persistence:
+  enabled: false
+  local:
+    enabled: false # 是否启用本地存储
+    name: setup-pvc  # 对应本地存储名称
+  storageClass: "vsphere-dynamic-class"    # 集群共享存储
+  accessMode: ReadWriteOnce # 存储访问模式
+  size: 30Mi   # 声明所需存储的大小
+  annotations: {}
+
+resources:
+  requests:  # 声明最少使用的资源，不够的话则应用无法启动成功
+    memory: 200Mi
+    cpu: 200m
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+volumes:
+  hostPath:
+    path: /var/vcap/sys/run/docker/docker.sock

charts/values-prod.yaml

+replicaCount: 1
+
+global:
+  hub: harbor.k2software.com.cn/library
+image:
+  repository: oidc-example
+  tag: dev
+  pullPolicy: IfNotPresent
+
+nameOverride: "nks-setup"
+fullnameOverride: "nks-setup"
+
+service:
+  type: NodePort
+  port: 80
+  nodePort: 8080
+
+ingress:
+  enabled: true
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - exmaple.k2software.com.cn
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+persistence:
+  enabled: false
+  local:
+    enabled: false # 是否启用本地存储
+    name: setup-pvc  # 对应本地存储名称
+  storageClass: "vsphere-dynamic-class"    # 集群共享存储
+  accessMode: ReadWriteOnce # 存储访问模式
+  size: 30Mi   # 声明所需存储的大小
+  annotations: {}
+
+
+resources:
+  requests:  # 声明最少使用的资源，不够的话则应用无法启动成功
+    memory: 200Mi
+    cpu: 200m
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+
+volumes:
+  hostPath:
+    path: /var/vcap/sys/run/docker/docker.sock

charts/values-test.yaml

+replicaCount: 1
+global:
+  hub: harbor.test.k2paas.com/paas-test
+image:
+  repository: oidc-example
+  tag: dev
+  pullPolicy: IfNotPresent
+
+nameOverride: "nks-setup"
+fullnameOverride: "nks-setup"
+
+service:
+  type: NodePort
+  port: 80
+  nodePort: 8080
+
+ingress:
+  enabled: true
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  path: /
+  hosts:
+    - exmaple.test.k2paas.com
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+persistence:
+  enabled: false
+  local:
+    enabled: false # 是否启用本地存储
+    name: setup-pvc  # 对应本地存储名称
+  storageClass: "vsphere-dynamic-class"    # 集群共享存储
+  accessMode: ReadWriteOnce # 存储访问模式
+  size: 30Mi   # 声明所需存储的大小
+  annotations: {}
+
+resources:
+  requests:  # 声明最少使用的资源，不够的话则应用无法启动成功
+    memory: 200Mi
+    cpu: 200m
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #  cpu: 100m
+  #  memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 128Mi
+
+nodeSelector: {}
+
+
+volumes:
+  hostPath:
+    path: /var/vcap/sys/run/docker/docker.sock

jenkins/Jenkinsfile

+#!/usr/bin/env groovy
+
+def projectProperties = [
+        [$class: 'BuildDiscarderProperty', strategy: [$class: 'LogRotator', numToKeepStr: '5']],
+
+        parameters([
+            string(name: 'DOCKER_USER', defaultValue: 'admin', description: 'docker用户名'),
+            string(name: 'DOCKER_PASSWORD', defaultValue: 'K2pass!!', description: 'docker用户密码'),
+            string(name: 'REGISTRY_URL', defaultValue: 'harbor.dev.k2paas.com', description: 'docker仓库地址')
+        ]),
+        pipelineTriggers([
+        [
+            $class: 'GitLabPushTrigger',
+            branchFilterType: 'All',
+            triggerOnPush: false,
+            triggerOnMergeRequest: false,
+            triggerOpenMergeRequestOnPush: "never",
+            triggerOnNoteRequest: false,
+            triggerOnAcceptedMergeRequest: true,
+            noteRegex: "Jenkins please retry a build",
+            skipWorkInProgressMergeRequest: true,
+            ciSkip: true,
+            setBuildDescription: true,
+            addNoteOnMergeRequest: true,
+            addCiMessage: true,
+            addVoteOnMergeRequest: true,
+            acceptMergeRequestOnSuccess: true,
+            branchFilterType: "NameBasedFilter",
+            includeBranchesSpec: "dev,dev-v5.2",
+            excludeBranchesSpec: "",
+
+        ]
+    ])
+]
+
+properties(projectProperties)
+
+def pod_label = "worker-${UUID.randomUUID().toString()}"
+podTemplate(label: pod_label, cloud: 'kubernetes', containers: [
+        containerTemplate(name: 'maven', image: 'harbor.dev.k2paas.com/build/maven:3-jdk-8-alpine', command: 'cat', ttyEnabled: true),
+        containerTemplate(name: 'docker', image: 'harbor.dev.k2paas.com/build/docker', command: 'cat', ttyEnabled: true),
+        containerTemplate(name: 'helm', image: 'harbor.dev.k2paas.com/build/helm:v2.11.0', command: 'cat', ttyEnabled: true, envVars: [
+                envVar(key: 'KUBECONFIG', value: '/root/.kube/config')])
+	    ],
+
+    volumes: [
+        nfsVolume(mountPath: '/mnt', serverAddress: '172.18.10.13', serverPath: '/data/nfs/lib', readOnly: false),
+        hostPathVolume(hostPath: '/var/run/docker.sock', mountPath: '/var/run/docker.sock'),
+        hostPathVolume(hostPath: '/etc/localtime', mountPath: '/etc/localtime'),
+        hostPathVolume(hostPath: '/root/.kube', mountPath: '/root/.kube')
+    ]
+
+) {
+
+    node(pod_label) {
+         container('maven') {
+
+            stage('checkout') {
+                checkout scm
+
+                sh 'ls -al'
+                sh 'printenv'
+            }
+
+            stage('build') {
+                sh 'ls -al'
+                // 生成静态链接所有的库
+                sh 'CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -v -mod vendor -o dex github.com/dexidp/dex/cmd/dex'
+                //sh 'make release-binary'
+            }
+
+         }
+
+
+         container('docker') {
+
+             // 设置超时时间
+             timeout(time: 10, unit: 'MINUTES') {
+
+                stage('docker-build') {
+                 //REGISTRY_URL私有仓库地址，也可使用官方地址：docker.io
+                 sh "docker login -u ${params.DOCKER_USER} -p ${params.DOCKER_PASSWORD} ${params.REGISTRY_URL}"
+                 sh "docker build -t ${params.REGISTRY_URL}/paas-dev/oidc-example:dev-${env.BUILD_ID} ."
+                }
+
+                stage('docker-push') {
+                    sh "docker push ${params.REGISTRY_URL}/paas-dev/oidc-example:dev-${env.BUILD_ID}"
+                }
+
+                stage('docker-remove') {
+                    sh "docker rmi ${params.REGISTRY_URL}/paas-dev/oidc-example:dev-${env.BUILD_ID}"
+                }
+             }
+
+         }
+
+         container('helm') {
+
+            stage('helm deploy') {
+                sh "sed -i \"s/tag: dev/tag: dev-${env.BUILD_ID}/g\" charts/values-dev.yaml"
+                sh "helm upgrade --install oidc-example --namespace paas charts/  -f charts/values-dev.yaml"
+
+            }
+        }
+
+
+    }
+}
+
+// vim: ft=groovy

src/main/java/com/onegini/oidc/IndexController.java

@@ -13,4 +13,9 @@ public class IndexController {
     return "index";
   }
 
+  @GetMapping("/health")
+  public String health() {
+    return "up";
+  }
+
 }
\ No newline at end of file