Kubernetes - Jenkins integration


Problem description

I've bootstrapped a Kubernetes 1.9 RBAC cluster with kubeadm, and I've started Jenkins, based on jenkins/jenkins:lts, inside a pod. I would like to try out https://github.com/jenkinsci/kubernetes-plugin . I have already created a serviceaccount based on the proposal in https://gist.github.com/lachie83/17c1fff4eb58cf75c5fb11a4957a64d2 :

> kubectl -n dev-infra create sa jenkins
> kubectl create clusterrolebinding jenkins --clusterrole cluster-admin --serviceaccount=dev-infra:jenkins
> kubectl -n dev-infra get sa jenkins -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2018-02-16T12:06:26Z
  name: jenkins
  namespace: dev-infra
  resourceVersion: "1295580"
  selfLink: /api/v1/namespaces/dev-infra/serviceaccounts/jenkins
  uid: d040041c-1311-11e8-a4f8-005056039a14
secrets:
- name: jenkins-token-vmt79

> kubectl -n dev-infra get secret jenkins-token-vmt79 -o yaml
apiVersion: v1
data:
  ca.crt: LS0tL...0tLQo=
  namespace: ZGV2LWluZnJh
  token: ZXlK...tdVE=
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: jenkins
    kubernetes.io/service-account.uid: d040041c-1311-11e8-a4f8-005056039a14
  creationTimestamp: 2018-02-16T12:06:26Z
  name: jenkins-token-vmt79
  namespace: dev-infra
  resourceVersion: "1295579"
  selfLink: /api/v1/namespaces/dev-infra/secrets/jenkins-token-vmt79
  uid: d041fa6c-1311-11e8-a4f8-005056039a14
type: kubernetes.io/service-account-token

After that I go to Manage Jenkins -> Configure System -> Cloud -> Kubernetes and set the Kubernetes URL to the Cluster API that I use also in my kubectl KUBECONFIG server: url:port.

When I hit test connection I get "Error testing connection https://url:port: Failure executing: GET at: https://url:port/api/v1/namespaces/dev-infra/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:dev-infra:default" cannot list pods in the namespace "dev-infra"."

I don't want to give the dev-infra:default user a cluster-admin role, and I want to use the jenkins sa I created. I can't understand how to configure the credentials in Jenkins. When I hit add credentials on the https://github.com/jenkinsci/kubernetes-plugin/blob/master/configuration.png I get

<select class="setting-input dropdownList">
<option value="0">Username with password</option>
<option value="1">Docker Host Certificate Authentication</option>
<option value="2">Kubernetes Service Account</option>
<option value="3">OpenShift OAuth token</option>
<option value="4">OpenShift Username and Password</option>
<option value="5">SSH Username with private key</option>
<option value="6">Secret file</option>
<option value="7">Secret text</option>
<option value="8">Certificate</option></select>

I could not find a clear example of how to configure the Jenkins Kubernetes Cloud connector to use my Jenkins to authenticate with service account jenkins. Could you please help me find a step-by-step guide? What kind of credentials do I need?

Regards, Pavel

Recommended answer

The best practice is to launch your Jenkins master pod with the serviceaccount you created, instead of creating credentials in Jenkins

See the example yaml
