Jenkins的Kubernetes插件失败了-Java 学习之路

我正在尝试使用适当的Kubernetes URL和其他详细信息将Kubernetes作为 Cloud 添加到Jenkins服务器 . 当我添加细节并测试连接时，我收到以下错误

连接到https：//192.168.X.XX时出错：6443：执行失败：GET at：https：//192.168.X.XX：6443 / api / v1 / namespaces / default / pods . 消息：用户“system：anonymous”无法在命名空间“default”中列出pod . “

我尝试使用--insecure选项执行curl，但会记录相同的跟随错误 .

消息：用户“system：anonymous”无法在命名空间“default”中列出pod . “

我尝试使用以下kubectl命令添加jenkins和用户凭据以登录jenkins as clusteradminrole

kubectl创建角色绑定jenkins-admin-binding --clusterrole = admin --user = jenkins - namespace = default

但仍然是同样的错误 .

什么都丢失了？

编辑1：尝试按照建议执行以下操作

openssl genrsa -out jenkins.key 2048 openssl req -new -key jenkins.key -out jenkins.csr -subj“/ CN = jenkins / O = admin_jenkins”openssl x509 -req -in jenkins.csr -CA / etc / kubernetes /pki/ca.crt-CAkey /etc/kubernetes/pki/ca.key-CAcreateserial -out jenkins.crt -days 500 kubectl config set-credentials jenkins --client-certificate = / root / pods / admin_jenkins / .certs / jenkins.crt --client-key = / root / pods / admin_jenkins / .certs / jenkins.key kubectl config set-context jenkins-context --cluster = kubernetes --namespace = default --user = jenkins kubectl create -f role .yaml（描述的角色文件）kubectl create -f role-binding.yaml

甚至在此之后

kubectl --context=jenkins-context get deployments 
gives the following error
"Error from server (Forbidden): User "jenkins" cannot list deployments.extensions in the namespace "default". (get deployments.extensions)"

更新2：

after following above steps 
"kubectl --context=jenkins-context get deployments" was successful.

 i did the whole exercise after doing a kubeadm reset and it worked

但是当我尝试使用它的插件将它添加为 Cloud 时，问题仍然存在于将K8与Jenkins集成 .

1 回答

你定义了角色 admin 吗？如果没有定义管理员角色 . 下面的文件你参考它 .

https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/

更新：1 . 您可以像这样创建文件 role.yaml 并创建角色 . 然后运行 kubectl apply -f role.yaml

kind: Role
  apiVersion: rbac.authorization.k8s.io/v1beta1
  metadata:
    namespace: default
    name: admin
  rules:
  - apiGroups: ["", "extensions", "apps"]
    resources: ["deployments", "replicasets", "pods"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]

您需要传递具有此角色的客户端证书才能进行身份验证 .

从您的第二个问题，您尝试使用此帐户来验证jenkin应用程序用户 . 我不确定这种方法对你有用 .

update on 9/25/17

Username: admin
Group: jenkins


 openssl genrsa -out admin.key 2048
 openssl req -new -key admin.key -out admin.csr -subj "/CN=admin/O=jenkins"

 #Run this as root user in master node
 openssl x509 -req -in admin.csr -CA /etc/kubernetes/pki/ca.crt  -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out admin.crt -days 500

 mkdir .certs/
 mv admin.* .certs/
 kubectl config set-credentials admin --client-certificate=/home/jenkin/.certs/admin.crt  --client-key=/home/jenkin/.certs/admin.key
 kubectl config set-context admin-context --cluster=kubernetes --namespace=jenkins --user=admin

Save this in the file and create role

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: jenkins
  name: deployment-manager
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: deployment-manager-binding
  namespace: jenkins
subjects:
- kind: User
  name: admin
  apiGroup: ""
roleRef:
  kind: Role
  name: deployment-manager
  apiGroup: ""

Run the get pods command

kubectl --context=admin-context get pods

回复于 2024-05-02T08:14:17+08:00

Jenkins的Kubernetes插件失败了

1 回答

相关问题