Jenkins的Kubernetes插件失败 [英] Kubernetes plugin with Jenkins fails

问题描述

我正在尝试使用适当的Kubernetes URL和其他详细信息将Kubernetes作为云添加到Jenkins服务器.当我添加详细信息并测试连接时 我收到以下错误

I am trying to add Kubernetes as cloud to Jenkins server with the appropriate Kubernetes URL and other details. When i add the details and test the connection i get the following error

连接到 https://192.168.X.XX:6443 时出错:执行失败:GET在: https://192.168.X.XX:6443/api/v1/namespaces/default/pods .消息:用户"system:anonymous"无法在名称空间"default"中列出容器..

Error connecting to https://192.168.X.XX:6443: Failure executing: GET at: https://192.168.X.XX:6443/api/v1/namespaces/default/pods. Message: User "system:anonymous" cannot list pods in the namespace "default".."

我尝试使用--insecure选项执行curl，但是记录了以下相同错误.

I tried to perform curl with --insecure option but the same following error is logged.

消息:用户"system:anonymous"无法在名称空间"default"中列出pods."

Message: User "system:anonymous" cannot list pods in the namespace "default".."

我尝试使用以下kubectl命令添加jenkins和用户凭据以clusteradminrole身份登录jenkins

I tried to add jenkins and the user credentials to login to jenkins as clusteradminrole using the following kubectl command

kubectl创建角色绑定jenkins-admin-binding --clusterrole = admin --user = jenkins--namespace = default

kubectl create rolebinding jenkins-admin-binding --clusterrole=admin --user=jenkins--namespace=default

但仍然是相同的错误.

什么都不见了?

尝试按照建议进行以下操作

EDIT 1: Have tried to do the following as suggested

openssl genrsa -out jenkins.key 2048

openssl genrsa -out jenkins.key 2048

openssl req -new -key jenkins.key -out jenkins.csr -subj"/CN = jenkins/O = admin_jenkins"

openssl req -new -key jenkins.key -out jenkins.csr -subj "/CN=jenkins/O=admin_jenkins"

openssl x509 -req -in jenkins.csr -CA/etc/kubernetes/pki/ca.crt -CAkey/etc/kubernetes/pki/ca.key -CAcreateserial -out jenkins.crt -days 500

openssl x509 -req -in jenkins.csr -CA /etc/kubernetes/pki/ca.crt -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out jenkins.crt -days 500

kubectl配置设置凭据jenkins --client-certificate =/root/pods/admin_jenkins/.certs/jenkins.crt --client-key =/root/pods/admin_jenkins/.certs/jenkins.key

kubectl config set-credentials jenkins --client-certificate=/root/pods/admin_jenkins/.certs/jenkins.crt --client-key=/root/pods/admin_jenkins/.certs/jenkins.key

kubectl配置设置上下文jenkins-context --cluster = kubernetes --namespace = default --user = jenkins

kubectl config set-context jenkins-context --cluster=kubernetes --namespace=default --user=jenkins

kubectl create -f role.yaml(所述角色文件)

kubectl create -f role.yaml (Role file as described)

kubectl create -f role-binding.yaml

kubectl create -f role-binding.yaml

即使在此之后

kubectl --context=jenkins-context get deployments 
gives the following error
"Error from server (Forbidden): User "jenkins" cannot list deployments.extensions in the namespace "default". (get deployments.extensions)"

更新2:

after following above steps 
"kubectl --context=jenkins-context get deployments" was successful.

 i did the whole exercise after doing a kubeadm reset and it worked

但是当我尝试使用其插件将其添加为云时，仍然存在将K8与Jenkins集成的问题.

But the problem still remains of integrating K8 with Jenkins when i am trying to add it as a cloud using its plugin.

推荐答案

您是否定义了角色admin?如果没有定义管理员角色.在下面记录您的引用.

Did you define the role admin? if not define the admin role. below document your refer it.

https://docs. bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/

更新: 1.您可以像这样创建文件role.yaml并创建角色.然后运行kubectl apply -f role.yaml

Update: 1. you can create file role.yaml like this and create role. then run kubectl apply -f role.yaml

 kind: Role
  apiVersion: rbac.authorization.k8s.io/v1beta1
  metadata:
    namespace: default
    name: admin
  rules:
  - apiGroups: ["", "extensions", "apps"]
    resources: ["deployments", "replicasets", "pods"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]

您需要通过具有此角色的客户端证书进行身份验证.

you need to pass the client certificate with this role to authenticate.

从第二个问题开始，您尝试使用此帐户对jenkin应用程序用户进行身份验证.我不确定这种方法是否适合您.

from your second question your trying to use this account to authenticate jenkin application user. I am not sure this method will work for you.

17年9月25日更新

Username: admin
Group: jenkins


 openssl genrsa -out admin.key 2048
 openssl req -new -key admin.key -out admin.csr -subj "/CN=admin/O=jenkins"

 #Run this as root user in master node
 openssl x509 -req -in admin.csr -CA /etc/kubernetes/pki/ca.crt  -CAkey /etc/kubernetes/pki/ca.key -CAcreateserial -out admin.crt -days 500

 mkdir .certs/
 mv admin.* .certs/
 kubectl config set-credentials admin --client-certificate=/home/jenkin/.certs/admin.crt  --client-key=/home/jenkin/.certs/admin.key
 kubectl config set-context admin-context --cluster=kubernetes --namespace=jenkins --user=admin 

将其保存在文件中并创建角色

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: jenkins
  name: deployment-manager
rules:
- apiGroups: ["", "extensions", "apps"]
  resources: ["deployments", "replicasets", "pods"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # You can also use ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: deployment-manager-binding
  namespace: jenkins
subjects:
- kind: User
  name: admin
  apiGroup: ""
roleRef:
  kind: Role
  name: deployment-manager
  apiGroup: ""

运行get pods命令

kubectl --context=admin-context get pods

这篇关于Jenkins的Kubernetes插件失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！