用于连接 Amazone EKS 的 Jenkins 代理不起作用 [英] Jenkins agent for connecting Amazone EKS not work

问题描述

我尝试在我的 Jenkins 中配置 Kubernetes 代理，以使用 Jenkins 管道部署微服务.我使用 eksctl commande 创建了 Amazone EKS 集群.创建集群后，创建 kubeconfig 文件，用于在 Jenkins 中配置机密文件凭据.

I try to configure Kubernetes agent in my Jenkins for deploy microservices using Jenkins pipeline. I created Amazone EKS cluster using eksctl commande. After cluster creation a created kubeconfig file for configure secret file credential in Jenkins.

当我尝试将 kubernetes 代理连接到我的集群时出现错误:

When i try to connect my kubernetes agent to my cluster I have an error :

Error testing connection https://<CLUSTER>.sk1.eu-west-3.eks.amazonaws.com: Failure executing: GET at: https://<CLUSTER>.sk1.eu-west-3.eks.amazonaws.com/api/v1/namespaces/default/pods. Message: pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "default". Received status: Status(apiVersion=v1, code=403, details=StatusDetails(causes=[], group=null, kind=pods, name=null, retryAfterSeconds=null, uid=null, additionalProperties={}), kind=Status, message=pods is forbidden: User "system:anonymous" cannot list resource "pods" in API group "" in the namespace "default", metadata=ListMeta(_continue=null, remainingItemCount=null, resourceVersion=null, selfLink=null, additionalProperties={}), reason=Forbidden, status=Failure, additionalProperties={}).

推荐答案

您的 config 密码没有足够的权限来执行基本任务.请在您的服务帐户中绑定以下角色，您在配置密码中使用了谁的令牌.请关注这个

Your config secret does not have enough permission to perform basic task. Please bind the below role in your service account who's token you have used in config secret. Please follow this one

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  namespace: default
  name: jenkins-master
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: jenkins-master
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins-master
subjects:
- kind: ServiceAccount
  name: jenkins-master //replace your service account name

有关更多详细信息，请参阅此文章.

For more details follow this article.

这篇关于用于连接 Amazone EKS 的 Jenkins 代理不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！