Jenkins的Kubernetes插件失败 [英] Kubernetes plugin with Jenkins fails
问题描述
我正在尝试使用适当的Kubernetes URL和其他详细信息将Kubernetes作为云添加到Jenkins服务器.当我添加详细信息并测试连接时 我收到以下错误
I am trying to add Kubernetes as cloud to Jenkins server with the appropriate Kubernetes URL and other details. When i add the details and test the connection i get the following error
连接到 https://192.168.X.XX:6443 时出错:执行失败:GET在: https://192.168.X.XX:6443/api/v1/namespaces/default/pods .消息:用户"system:anonymous"无法在名称空间"default"中列出容器..
Error connecting to https://192.168.X.XX:6443: Failure executing: GET at: https://192.168.X.XX:6443/api/v1/namespaces/default/pods. Message: User "system:anonymous" cannot list pods in the namespace "default".."
我尝试使用--insecure选项执行curl,但是记录了以下相同错误.
I tried to perform curl with --insecure option but the same following error is logged.
消息:用户"system:anonymous"无法在名称空间"default"中列出pods."
Message: User "system:anonymous" cannot list pods in the namespace "default".."
我尝试使用以下kubectl命令添加jenkins和用户凭据以clusteradminrole身份登录jenkins
I tried to add jenkins and the user credentials to login to jenkins as clusteradminrole using the following kubectl command
kubectl创建角色绑定jenkins-admin-binding --clusterrole = admin --user = jenkins--namespace = default
kubectl create rolebinding jenkins-admin-binding --clusterrole=admin --user=jenkins--namespace=default
但仍然是相同的错误.
什么都不见了?
尝试按照建议进行以下操作
EDIT 1: Have tried to do the following as suggested
openssl genrsa -out jenkins.key 2048
openssl genrsa -out jenkins.key 2048
openssl req -new -key jenkins.key -out jenkins.csr -subj"/CN = jenkins/O = admin_jenkins"
openssl req -new -key jenkins.key -out jenkins.csr -subj "/CN=jenkins/O=admin_jenkins"
openssl x509 -req -in jenkins.csr -CA/etc/kubernetes/pki/ca.crt -CAkey/etc/kubernetes/pki/ca.key -CAcreateserial -out jenkins.crt -days 500
openssl x509 -req -in jenkins.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out jenkins.crt -days 500
kubectl配置设置凭据jenkins --client-certificate =/root/pods/admin_jenkins/.certs/jenkins.crt --client-key =/root/pods/admin_jenkins/.certs/jenkins.key
kubectl config set-credentials jenkins --client-certificate=/root/pods/admin_jenkins/.certs/jenkins.crt --client-key=/root/pods/admin_jenkins/.certs/jenkins.key
kubectl配置设置上下文jenkins-context --cluster = kubernetes --namespace = default --user = jenkins
kubectl config set-context jenkins-context --cluster=kubernetes --namespace=default --user=jenkins
kubectl create -f role.yaml(所述角色文件)
kubectl create -f role.yaml (Role file as described)
kubectl create -f role-binding.yaml
kubectl create -f role-binding.yaml
即使在此之后
kubectl --context=jenkins-context get deployments
gives the following error
"Error from server (Forbidden): User "jenkins" cannot list deployments.extensions in the namespace "default". (get deployments.extensions)"
更新2:
after following above steps
"kubectl --context=jenkins-context get deployments" was successful.
i did the whole exercise after doing a kubeadm reset and it worked
但是当我尝试使用其插件将其添加为云时,仍然存在将K8与Jenkins集成的问题.
But the problem still remains of integrating K8 with Jenkins when i am trying to add it as a cloud using its plugin.
推荐答案
您是否定义了角色admin
?如果没有定义管理员角色.在下面记录您的引用.
Did you define the role admin
? if not define the admin role. below document your refer it.
https://docs. bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
更新:
1.您可以像这样创建文件role.yaml
并创建角色.然后运行kubectl apply -f role.yaml
Update:
1. you can create file role.yaml
like this and create role. then run kubectl apply -f role.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: default
name: admin
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["deployments", "replicasets", "pods"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
您需要通过具有此角色的客户端证书进行身份验证.
you need to pass the client certificate with this role to authenticate.
从第二个问题开始,您尝试使用此帐户对jenkin应用程序用户进行身份验证.我不确定这种方法是否适合您.
from your second question your trying to use this account to authenticate jenkin application user. I am not sure this method will work for you.
17年9月25日更新
Username: admin
Group: jenkins
openssl genrsa -out admin.key 2048
openssl req -new -key admin.key -out admin.csr -subj "/CN=admin/O=jenkins"
#Run this as root user in master node
openssl x509 -req -in admin.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out admin.crt -days 500
mkdir .certs/
mv admin.* .certs/
kubectl config set-credentials admin --client-certificate=/home/jenkin/.certs/admin.crt --client-key=/home/jenkin/.certs/admin.key
kubectl config set-context admin-context --cluster=kubernetes --namespace=jenkins --user=admin
将其保存在文件中并创建角色
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: jenkins
name: deployment-manager
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["deployments", "replicasets", "pods"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: deployment-manager-binding
namespace: jenkins
subjects:
- kind: User
name: admin
apiGroup: ""
roleRef:
kind: Role
name: deployment-manager
apiGroup: ""
运行get pods命令
kubectl --context=admin-context get pods
这篇关于Jenkins的Kubernetes插件失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!