jenkins连接k8s环境配置
原因:Kubernetes 地址解析不了,我这里设置的是https://192.168.20.43:6443+禁止证书检查。jenkins页面登录--Manage Jenkins--Nodes and Clouds--Clouds(进去配置即可)3、生成pfx文件时候报错:unable to load certificates。我这里用的是(去掉-certfile ./ca.crt)原因:能搜索到
·
一、jenkins页面配置
jenkins页面登录--Manage Jenkins--Nodes and Clouds--Clouds(进去配置即可)
二、生成pfx文件的脚本
###总共会生成如下四个文件
ca.crt cert.pfx client.crt client.key
-----------------------------------------
[root@master1 .kube]# cat create.sh
#!/bin/bash
rm -rf ./ca.crt ./client.crt ./client.key
#--echo内容来自/root/.kube/config 中的 client-key-data------------------------
echo 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBK1QvSHZFWkNLaitDcWsxcDJVSWJ0ZEpWUkt2SmdqVHorZzFBTjFFdW95NEVvUGpFCjhBSG82ai9lYmhlV3hCZG5BUitjSElLVW8zMUJLenc5WDlaeGROUWFIZGtQN3NYSnA4UW1KNTV5OExFUjBnczQKS1ZNSUxkclBQR1ZoNFNnUExoRmJIWnhRNXVtVExtanhrV2NsZGo5ejZMVW9rTXhvbHpEbGRvV044YjFYbXRPMwowSEl4YjFWZjc5L0RvNVgwRSs4em5uRUEwbDBTUVUvQksyVnFlYTAydy94VVhuSGRaUE45aGZ3KzBBRE5EWXpyCkZMQzlDUFV0M1dWTlNLUE4yMUpGN0Flajg2YVB1Y2F3STBpUDFWNE9FcUhvaEZUY21TdkI4ZUF2T0s4cElCTnEKVWJuTldWakNZcStBOHVYaWtnd0Z6L2hucXFYYmgycU5LQmQzT1FJREFRQUJBb0lCQVFDeHlva1RCNXJTd0JMWQpuL2ZNL1piK2oxWTdjYjUvbm40Wjg3SEd3NlhjeUVxTStHYWlQUHFEZmFPUUxFdGkvTDZBMHFkc3ZzaUFCaXlpClJvb1Evc3BYWjZScGZoZ2JYZ0tHSlNpQ1FrZ0M0SXV4cEVjZlV4Y1dmbW9zenJTUEF5QXc0RGg2V3JKcXhGbzAKVks5YjVKT1lVWkxBZjlpNzBOTWFaY3FJVEtQL3RvT1R5Q0hwRGhnVlJ0d0lBeS9SaUVjSmpscmJhK0JhcjZMbQpKZkxNQmg4bllyVFVGdHpsK3RTMzIveUxiS2tMem9YcTJvQ3hXc1p0eWhvY2tGdlNUb2l1UTZKSTFDNmlYYjZFClQ4OFBOSkVVbFZDWDBHWmtpWHBET1JaSk5oQlBNcEZsT1BrRGlnYjBKdkFCaUZLQVR0bFRGb21ldTEvUWtCbzgKUVdPUE1RS3hBb0dCQVAwVlJXNkhwQ3M4SjlXVU5XYStmWVE4ek9sRXBkNUl2SGdRWUxXN003TE81bjRRUEtTTgpUSU90ZC9kbEY5VDUzWGw4U2tZNU5JYVNUbWpaSUI4dFVGMkNWNVpua2EzSHdHSVdyd1JValJUOHd6RkJhZTUxCllPRy9iZ0xWS216dldnMmZXVlM3SWlDNFZTKzdHdnRSeG45ZEh4d2h0RUpsNzl4QmVGaEJKTU5uQW9HQkFQd2YKTW1NSnJPdUdBVm4vcTR2eE5VM2JMYjZMbkphMHZGNW5TK3BVV1N3YXA3bW1rRmhwcGRRYStEODU3RFY3VXRRSAo1TTZLOGRIMk14SFNZVGRLeDgxVUhWdVRmdXh1alpHcUhITWxRZ1JRUjJ2VHBRY3lNc21FY3F2QitwalYvUkc4CkNDUHUyZ2dvSEpaUFk5OGJSeEhpempoeGFOZ0lhR1U4MEYxc01PeGZBb0dBTWlEbGVNZ3JMMWtoOXI3OWVOVmcKWFRJQjBHNkZnQ3JlRWRZRW9kcHJtZzQ3UDFzTjkvWDQ0dGdZUEF0dEZnVkw1Z1ZGWFBWMXZ2WDV5L0M5MlE4TApyUW5sT1doWVJaaWNOWkdTcHdQc1Vlemk2TDJ4TXNkVElrUGRrWGdSaURROG5SZ2tCSkZ3YUJTNjR0Sm52TUhzCjFFdG9ueFRaOUpEbVdyVXBGaW9KRXg4Q2dZRUFtUVBhRWMrS2Vqc1BVTzdoejRJcVJzRlNSd1gybUdUQ3VrelkKL3pRSUZzTnFyanNQK2dqTWt5bDNKdkJoa3FmeFFpdzBTc0o3TjJIRDV2b1c5SGJYUXAvZFhYbnNHMVNSYVNtawpNS0laS2dNTEJiOGl0blpaNm9JUEVuMGRPV3NPTjVnMkhKRFhGUUk3TDJLcGkzdkRxM0JLbG1rR0o2OGFwTzYrCnl5UmhvT01DZ1lFQStxM1lnRDVHSGxSeE9DN2pMSDdUSDlsbkZaS3lnY1k4eUNzQTBGYThXQnZ6S0NmdHlQMW0KUkFhK2VCMSt1c3IyZ1dZK1N2VGJKZ1ljMXkvT0ZqeXYwWjdEc1VpZDg0dDNydGZDQXJsbTVZcWxFb0diMjdQQwpsek1XMjRXaDBNNVJsemhWUm5rTDhYOHVJWGRHeldONTFTK3gvZmVGdE9lN0MyMFRpVnNjNGRjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=' |base64 -d > ./ca.crt
#--echo内容来自/root/.kube/config 中的 client-certificate-data------------------------
echo 'LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJUDV5Um4xVEpUQ3N3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TXpBNE1ESXdOelUxTWpkYUZ3MHlOREE0TURFd056VTFNamhhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQStUL0h2RVpDS2orQ3FrMXAKMlVJYnRkSlZSS3ZKZ2pUeitnMUFOMUV1b3k0RW9QakU4QUhvNmovZWJoZVd4QmRuQVIrY0hJS1VvMzFCS3p3OQpYOVp4ZE5RYUhka1A3c1hKcDhRbUo1NXk4TEVSMGdzNEtWTUlMZHJQUEdWaDRTZ1BMaEZiSFp4UTV1bVRMbWp4CmtXY2xkajl6NkxVb2tNeG9sekRsZG9XTjhiMVhtdE8zMEhJeGIxVmY3OS9EbzVYMEUrOHpubkVBMGwwU1FVL0IKSzJWcWVhMDJ3L3hVWG5IZFpQTjloZncrMEFETkRZenJGTEM5Q1BVdDNXVk5TS1BOMjFKRjdBZWo4NmFQdWNhdwpJMGlQMVY0T0VxSG9oRlRjbVN2QjhlQXZPSzhwSUJOcVVibk5XVmpDWXErQTh1WGlrZ3dGei9obnFxWGJoMnFOCktCZDNPUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRamdJRWpYdDFtb3ljem5yTm1jQThYWDhYRAo2akFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBWUhzMW80UmZFaDRwSWFFVHNFV012RksyOW1XTDZVamFNUzNoCm9FMHRab2RwdElsd3d2blpxcEJxak9HbjFJbFhBejdEKzhhdkdKU1BYL3NmVFhuajBaYXY0U1JoMGtHa3ZWSVkKZlNGWFlpbGtqVjhFZnpaM2grc0FqRVF3Ui9WTHFNQVNoTDdiblpzNnJkQlMzVXc3TUd0bjQxYkRYRTlVV3dTUwpCcWhXMnJLV1U4ek9ZNURIc1ZBWHFXWlJtN2NzUy85YzFwckdQUElMdjlOd2Q4NDVQYnBZK29NQUJJbWVXNlErClh2Uk9VdVYxQ0NIVU5iQUZ0SEh3VGZJSUlXNUVrNzl1Z2Eyc2dUVnBZK1B6K3g0YUpOYmdwV2dPYnlSdmRTOEoKei9qdmp3OEk4Z1o5YWtXQlV3N092LzR3YkI0SE5xUXV6WWxIWUhBNlYrajFlVnNSdFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==' |base64 -d > ./client.crt
#--echo内容来自/root/.kube/config 中的 client-key-data------------------------
echo 'LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBK1QvSHZFWkNLaitDcWsxcDJVSWJ0ZEpWUkt2SmdqVHorZzFBTjFFdW95NEVvUGpFCjhBSG82ai9lYmhlV3hCZG5BUitjSElLVW8zMUJLenc5WDlaeGROUWFIZGtQN3NYSnA4UW1KNTV5OExFUjBnczQKS1ZNSUxkclBQR1ZoNFNnUExoRmJIWnhRNXVtVExtanhrV2NsZGo5ejZMVW9rTXhvbHpEbGRvV044YjFYbXRPMwowSEl4YjFWZjc5L0RvNVgwRSs4em5uRUEwbDBTUVUvQksyVnFlYTAydy94VVhuSGRaUE45aGZ3KzBBRE5EWXpyCkZMQzlDUFV0M1dWTlNLUE4yMUpGN0Flajg2YVB1Y2F3STBpUDFWNE9FcUhvaEZUY21TdkI4ZUF2T0s4cElCTnEKVWJuTldWakNZcStBOHVYaWtnd0Z6L2hucXFYYmgycU5LQmQzT1FJREFRQUJBb0lCQVFDeHlva1RCNXJTd0JMWQpuL2ZNL1piK2oxWTdjYjUvbm40Wjg3SEd3NlhjeUVxTStHYWlQUHFEZmFPUUxFdGkvTDZBMHFkc3ZzaUFCaXlpClJvb1Evc3BYWjZScGZoZ2JYZ0tHSlNpQ1FrZ0M0SXV4cEVjZlV4Y1dmbW9zenJTUEF5QXc0RGg2V3JKcXhGbzAKVks5YjVKT1lVWkxBZjlpNzBOTWFaY3FJVEtQL3RvT1R5Q0hwRGhnVlJ0d0lBeS9SaUVjSmpscmJhK0JhcjZMbQpKZkxNQmg4bllyVFVGdHpsK3RTMzIveUxiS2tMem9YcTJvQ3hXc1p0eWhvY2tGdlNUb2l1UTZKSTFDNmlYYjZFClQ4OFBOSkVVbFZDWDBHWmtpWHBET1JaSk5oQlBNcEZsT1BrRGlnYjBKdkFCaUZLQVR0bFRGb21ldTEvUWtCbzgKUVdPUE1RS3hBb0dCQVAwVlJXNkhwQ3M4SjlXVU5XYStmWVE4ek9sRXBkNUl2SGdRWUxXN003TE81bjRRUEtTTgpUSU90ZC9kbEY5VDUzWGw4U2tZNU5JYVNUbWpaSUI4dFVGMkNWNVpua2EzSHdHSVdyd1JValJUOHd6RkJhZTUxCllPRy9iZ0xWS216dldnMmZXVlM3SWlDNFZTKzdHdnRSeG45ZEh4d2h0RUpsNzl4QmVGaEJKTU5uQW9HQkFQd2YKTW1NSnJPdUdBVm4vcTR2eE5VM2JMYjZMbkphMHZGNW5TK3BVV1N3YXA3bW1rRmhwcGRRYStEODU3RFY3VXRRSAo1TTZLOGRIMk14SFNZVGRLeDgxVUhWdVRmdXh1alpHcUhITWxRZ1JRUjJ2VHBRY3lNc21FY3F2QitwalYvUkc4CkNDUHUyZ2dvSEpaUFk5OGJSeEhpempoeGFOZ0lhR1U4MEYxc01PeGZBb0dBTWlEbGVNZ3JMMWtoOXI3OWVOVmcKWFRJQjBHNkZnQ3JlRWRZRW9kcHJtZzQ3UDFzTjkvWDQ0dGdZUEF0dEZnVkw1Z1ZGWFBWMXZ2WDV5L0M5MlE4TApyUW5sT1doWVJaaWNOWkdTcHdQc1Vlemk2TDJ4TXNkVElrUGRrWGdSaURROG5SZ2tCSkZ3YUJTNjR0Sm52TUhzCjFFdG9ueFRaOUpEbVdyVXBGaW9KRXg4Q2dZRUFtUVBhRWMrS2Vqc1BVTzdoejRJcVJzRlNSd1gybUdUQ3VrelkKL3pRSUZzTnFyanNQK2dqTWt5bDNKdkJoa3FmeFFpdzBTc0o3TjJIRDV2b1c5SGJYUXAvZFhYbnNHMVNSYVNtawpNS0laS2dNTEJiOGl0blpaNm9JUEVuMGRPV3NPTjVnMkhKRFhGUUk3TDJLcGkzdkRxM0JLbG1rR0o2OGFwTzYrCnl5UmhvT01DZ1lFQStxM1lnRDVHSGxSeE9DN2pMSDdUSDlsbkZaS3lnY1k4eUNzQTBGYThXQnZ6S0NmdHlQMW0KUkFhK2VCMSt1c3IyZ1dZK1N2VGJKZ1ljMXkvT0ZqeXYwWjdEc1VpZDg0dDNydGZDQXJsbTVZcWxFb0diMjdQQwpsek1XMjRXaDBNNVJsemhWUm5rTDhYOHVJWGRHeldONTFTK3gvZmVGdE9lN0MyMFRpVnNjNGRjPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=' |base64 -d > ./client.key
#--------------------------
####openssl pkcs12 -export -out ./cert.pfx -inkey ./client.key -in ./client.crt -certfile ./ca.crt
#生成jenkins可以识别的pfx文件(这里会提示输入密码,这个密码是需要在jenkins控制台输入的,需要记住)
openssl pkcs12 -export -out ./cert.pfx -inkey ./client.key -in ./client.crt三、jenkins控制台的操作
- Kubernetes Cloud details
- Kubernetes 地址:https://192.168.20.43:6443
- Use Jenkins Proxy:不勾选(勾选与否不影响实测)
- Use Jenkins Proxy:勾选(勾选与否不影响实测)
- Kubernetes 服务证书 key:填写第二步生产的ca.crt内容(实测是否填写不影响,官方建议填写)
- 禁用 HTTPS 证书检查:这个建议勾选,有正常证书的可以不勾选,k8s地址用域名
- Kubernetes 命名空间:根据实际情况填写
- JNLP Docker Registry:跟进实际情况填写,不影响k8s连接
- 凭据:选择新建(凭据)---jenkins
保存即可
常见报错&对应处理:
1、Error testing connection https://192.168.20.43:6443: io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://192.168.20.43:6443/api/v1/namespaces/dayi-devops/pods. Message: Forbidden!Configured service account doesn't have access. Service account may have been revoked. pods is forbidden: User "system:serviceaccount:dayi-devops:jenkins-awdl4g" cannot list resource "pods" in API group "" in the namespace "dayi-devops".
原因:认证有问题,凭据没建或者创建的不对
2、Error testing connection https://lb.kubesphere.local:6443: java.io.IOException: lb.kubesphere.local
原因:Kubernetes 地址解析不了,我这里设置的是https://192.168.20.43:6443 + 禁止证书检查
3、生成pfx文件时候报错:unable to load certificates
原因:能搜索到的帮助文档建议的生成pfx文件的命令如下
openssl pkcs12 -export -out ./cert.pfx -inkey ./client.key -in ./client.crt -certfile ./ca.crt
我这里用的是(去掉-certfile ./ca.crt)
openssl pkcs12 -export -out ./cert.pfx -inkey ./client.key -in ./client.crt
附加,jenkins安装的插件
K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容
更多推荐
1
0- 0
已为社区贡献31条内容
所有评论(0)