Jenkins podTemplate 禁用默认回显
Jenkins podTemplate disbale default echo
我正在 运行在 Kubernetes 中设置我的 jenkins 以根据需求创建动态从 pod。
每个文件都使用来自 jenkins 的一些凭据。
现在的问题是,当我 运行 在 sh 脚本中执行某些命令时:“”然后在 UI 的日志视图选项中可以看到凭据。
如下截图。
我的 Jenkinsfile 如下所示
podTemplate(
containers: [
containerTemplate(name: 'helm', alwaysPullImage: true, image: 'k8s-helm:v3.4.2', command: 'cat',
ttyEnabled: true)
],
imagePullSecrets: ['registry-credentials']) {
properties([parameters(
[string(name: 'dockerImageTag', description: 'Docker image tag to deploy'),
string(name: 'branchName', defaultValue: 'dev', description: 'Branch being deployed'),
string(name: 'targetBranch', defaultValue: 'dev', description: 'Target branch against which if a PR is being raised')])])
currentBuild.description = "branch ${params.branchName}"
node(POD_LABEL) {
container('helm') {
withCredentials([[$class : 'FileBinding',
credentialsId: 'sling-test-kubeconfig',
variable : 'KUBECONFIG'],
[$class : 'StringBinding',
credentialsId: 'sd-charts-github-api-token',
variable : 'API_TOKEN']]) {
stage('Add Helm repository') {
sh script: "helm repo add stable 'https://charts.helm.sh/stable'",
label: 'Add stable helm repo'
sh script: 'helm repo list', label: 'List available helm repos'
}
withCredentials([[$class : 'StringBinding',
credentialsId: 'test-env-postgres-password',
variable : 'POSTGRES_PASSWORD'],
[$class : 'StringBinding',
credentialsId: 'test-env-rabbitmq-password',
variable : 'RABBITMQ_PASSWORD']]) {
stage('Deploy') {
echo "Deploying docker release -> myhost.com/8023/sling/scheduler:${params.dockerImageTag}"
sh script: "scheduler charts/scheduler " +
"--set appConfig.postgres.password=${POSTGRES_PASSWORD}," +
"image.tag=${params.dockerImageTag}," +
"appConfig.rabbitmq.password=${RABBITMQ_PASSWORD}," +
"deployment.annotations.buildNumber=${currentBuild.number} " +
"--wait",
label: 'Install helm release'
}
}
}
}
}
}
这个文件有一些凭据(即 RABBITMQ_PASSWORD、POSTGRES_PASSWORD 等......还有很多)我不想在 UI 日志中显示,基本上我不想显示位于
的整个命令
sh script: "scheduler charts/scheduler " +
"--set appConfig.postgres.password=${POSTGRES_PASSWORD}," +
"image.tag=${params.dockerImageTag}," +
"appConfig.rabbitmq.password=${RABBITMQ_PASSWORD}," +
"deployment.annotations.buildNumber=${currentBuild.number} " +
"--wait",
label: 'Install helm release'
我得到了一些 但这也不起作用。
谁能帮我解决这个问题。
为避免将您的凭据泄漏到输出中,您需要在 shell 步骤方法的 shell 解释器中解析它们,而不是在 Jenkins 管道中。由于 withCredentials 临时分配给环境变量,这可以通过不在 Groovy:
内插值来实现
sh script: 'scheduler charts/scheduler ' + // literal string
'--set appConfig.postgres.password=${POSTGRES_PASSWORD},' + // no Groovy interpolation
"image.tag=${params.dockerImageTag}," + // Groovy interpolation
'appConfig.rabbitmq.password=${RABBITMQ_PASSWORD},' + // no Groovy interpolation
"deployment.annotations.buildNumber=${currentBuild.number} " + // Groovy interpolation
'--wait', // literal string
label: 'Install helm release'
这将准确地将字符串 put 参数插入并连接到 shell 步骤方法,并且不会在 Jenkins 管道输出中暴露您的凭据。
我正在 运行在 Kubernetes 中设置我的 jenkins 以根据需求创建动态从 pod。
每个文件都使用来自 jenkins 的一些凭据。
现在的问题是,当我 运行 在 sh 脚本中执行某些命令时:“”然后在 UI 的日志视图选项中可以看到凭据。
如下截图。
我的 Jenkinsfile 如下所示
podTemplate(
containers: [
containerTemplate(name: 'helm', alwaysPullImage: true, image: 'k8s-helm:v3.4.2', command: 'cat',
ttyEnabled: true)
],
imagePullSecrets: ['registry-credentials']) {
properties([parameters(
[string(name: 'dockerImageTag', description: 'Docker image tag to deploy'),
string(name: 'branchName', defaultValue: 'dev', description: 'Branch being deployed'),
string(name: 'targetBranch', defaultValue: 'dev', description: 'Target branch against which if a PR is being raised')])])
currentBuild.description = "branch ${params.branchName}"
node(POD_LABEL) {
container('helm') {
withCredentials([[$class : 'FileBinding',
credentialsId: 'sling-test-kubeconfig',
variable : 'KUBECONFIG'],
[$class : 'StringBinding',
credentialsId: 'sd-charts-github-api-token',
variable : 'API_TOKEN']]) {
stage('Add Helm repository') {
sh script: "helm repo add stable 'https://charts.helm.sh/stable'",
label: 'Add stable helm repo'
sh script: 'helm repo list', label: 'List available helm repos'
}
withCredentials([[$class : 'StringBinding',
credentialsId: 'test-env-postgres-password',
variable : 'POSTGRES_PASSWORD'],
[$class : 'StringBinding',
credentialsId: 'test-env-rabbitmq-password',
variable : 'RABBITMQ_PASSWORD']]) {
stage('Deploy') {
echo "Deploying docker release -> myhost.com/8023/sling/scheduler:${params.dockerImageTag}"
sh script: "scheduler charts/scheduler " +
"--set appConfig.postgres.password=${POSTGRES_PASSWORD}," +
"image.tag=${params.dockerImageTag}," +
"appConfig.rabbitmq.password=${RABBITMQ_PASSWORD}," +
"deployment.annotations.buildNumber=${currentBuild.number} " +
"--wait",
label: 'Install helm release'
}
}
}
}
}
}
这个文件有一些凭据(即 RABBITMQ_PASSWORD、POSTGRES_PASSWORD 等......还有很多)我不想在 UI 日志中显示,基本上我不想显示位于
的整个命令sh script: "scheduler charts/scheduler " +
"--set appConfig.postgres.password=${POSTGRES_PASSWORD}," +
"image.tag=${params.dockerImageTag}," +
"appConfig.rabbitmq.password=${RABBITMQ_PASSWORD}," +
"deployment.annotations.buildNumber=${currentBuild.number} " +
"--wait",
label: 'Install helm release'
我得到了一些
谁能帮我解决这个问题。
为避免将您的凭据泄漏到输出中,您需要在 shell 步骤方法的 shell 解释器中解析它们,而不是在 Jenkins 管道中。由于 withCredentials 临时分配给环境变量,这可以通过不在 Groovy:
sh script: 'scheduler charts/scheduler ' + // literal string
'--set appConfig.postgres.password=${POSTGRES_PASSWORD},' + // no Groovy interpolation
"image.tag=${params.dockerImageTag}," + // Groovy interpolation
'appConfig.rabbitmq.password=${RABBITMQ_PASSWORD},' + // no Groovy interpolation
"deployment.annotations.buildNumber=${currentBuild.number} " + // Groovy interpolation
'--wait', // literal string
label: 'Install helm release'
这将准确地将字符串 put 参数插入并连接到 shell 步骤方法,并且不会在 Jenkins 管道输出中暴露您的凭据。