首页 文章

Jenkins kubernetes插件无法正常工作

提问于
浏览
5

我正在尝试使用jenkins-kubernetes插件设置Jenkins Dynamic slaves创建 .

My jenkins is running outside K8s Cluster.

链接:https://github.com/jenkinsci/kubernetes-plugin

我的jenkins版本是 2.60.2 而Kubernetes插件版本是 1.1.2

我按照自述文件中提到的步骤进行操作并成功设置连接 .

我的设置如下:
enter image description here

连接成功 .

然后我用pod模板创建了一个作业:
enter image description here

这里开始出现问题: 1. When I run this job initially it runs and jenkins slave container inside my pod not able to connect and throws:

enter image description here

我已经启用JNLP端口(50000)不确定它是否是正确的端口,即使在Jenkins中使用随机选项进行测试也没有用 .

2. Now I discarded this jenkins job and re run again it says:

Started by user Vaibhav Jain
[Pipeline] podTemplate
[Pipeline] {
[Pipeline] node
Still waiting to schedule task
Jenkins doesn’t have label defaultlabel

并且kubernetes没有开始使用pod . This is weird .

我不确定我做错了什么 . 需要帮忙!

jenkins kubernetes jenkins-plugins jenkins-pipeline jenkins-2

2 回答

  • 8

    好!我发现问题,我给容器上限为10(默认名称空间),这对我的集群来说太低了 . 我有15个工作节点集群,当K8主控尝试启动一个pod时,它会立即启动多个pod(虽然在一个计划完成后终止休息),最终超过容器上限(10) . 我将CAP更改为100,现在事情按预期工作了 .

    我注意到K8s Jenkins插件有一件事,它不会清除错误容器本身,这增加了容器数量并导致了这个问题 .

    回复于
  • 1

    我建议您通过创建serviceAccount来使用kubernetes中的凭据,而不是使用证书:

    ---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins

    并使用该serviceAccount部署jenkins:

    apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  labels:
    app: jenkins
  name: jenkins
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jenkins
  template:
    metadata:
      labels:
        app: jenkins
    spec:           
      serviceAccountName: jenkins 
....

    我向您展示了Kubernetes插件的截图(注意JNLP端口的Jenkins隧道,'jenkins'是我的kubernetes服务的名称):

    enter image description here

    enter image description here

    凭证:

    enter image description here

    然后填写文件(ID将自动生成,说明将显示在凭据列表框中),但请务必在kubernetes中创建serviceAccount,如前所述:

    enter image description here

    我的指示是针对kubernetes内的Jenkins大师 . 如果你想在群集之外(但是奴隶在里面),我认为你必须使用简单的登录/密码凭证 .

    对于您上次出现的错误,似乎是主机解析错误:从站无法解析您的主机 .

    我希望它对你有所帮助 .

    回复于

相关问题