kubernetes - Jenkins 无法在 EKS 集群内部署应用程序
问题描述
- 拥有 EKS 集群并使用 1.20 版本的单节点组启动并运行
- 然后从 Jenkins 我配置云 k8 连接到我的 API 服务器端点连接测试也成功。
- 我通过 kubernetes yaml 文件部署了 Jenkins,并且我还为 Jenkins 创建了专用的命名空间。
这里是 jenkins 角色、角色绑定、服务帐户和 ns 的完整文件。
命名空间.yaml
apiVersion: v1
kind: Namespace
metadata:
name: jenkins
角色绑定.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: jenkins-role-binding
namespace: jenkins
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: jenkins-role
subjects:
- kind: ServiceAccount
name: jenkins-account
namespace: jenkins
角色.yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: jenkins-role
namespace: jenkins
rules:
- apiGroups: [“”]
resources: [“pods”]
verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: [“”]
resources: [“pods/exec”]
verbs: [“create”,”delete”,”get”,”list”,”patch”,”update”,”watch”]
- apiGroups: [“”]
resources: [“pods/log”]
verbs: [“get”,”list”,”watch”]
- apiGroups: [“”]
resources: [“secrets”]
verbs: [“get”]
- apiGroups: ["extensions", "apps"]
#
# at the HTTP level, the name of the resource for accessing Deployment
# objects is "deployments"
resources: ["deployments"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
service.account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: jenkins-account
namespace: jenkins
annotations:
eks.amazonaws.com/role-arn: arn:aws:sts::my-arn:assumed-role/DEVELOPER
最后我也验证了角色
[root@ip-10-1-2-3 auto]# kubectl describe role jenkins-role -n jenkins
Name: jenkins-role
Labels: <none>
Annotations: <none>
PolicyRule:
Resources Non-Resource URLs Resource Names Verbs
--------- ----------------- -------------- -----
deployments.apps [] [] [get list watch create update patch delete]
deployments.extensions [] [] [get list watch create update patch delete]
“pods.“”/exec” [] [] [“create” ”delete” ”get” ”list” ”patch” ”update” ”watch”]
“pods”.“” [] [] [“create” ”delete” ”get” ”list” ”patch” ”update” ”watch”]
“pods.“”/log” [] [] [“get” ”list” ”watch”]
“secrets”.“” [] [] [“get”]
看起来一切看起来都很好,但 jenkins 在运行管道构建时仍然无法正确部署,并出现以下错误。
Masking supported pattern matches of $KUBECONFIG
[Pipeline] {
[Pipeline] echo
deploy to deployment!!
[Pipeline] sh
**+ kubectl auth can-i create deployments -n jenkins
no**
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // container
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] }
[Pipeline] // podTemplate
[Pipeline] End of Pipeline
ERROR: script returned exit code 1
Finished: FAILURE
解决方案
推荐阅读
- json - Typo3 v9 - Ajax 插件 JSON 响应为空
- php - file_get_contents():在 Apache2 中创建 SSL 上下文失败,但在 CLI 中有效
- python - 当我运行 cv.imshow 时,出现错误“QSocketNotifier:只能用于以 QThread 启动的线程”
- bash - 在 slurm 中提交依赖作业的问题
- vba - VBA 错误:对象不支持此操作(错误 445)
- python - 如何设置新索引
- java - Kubernetes nginx 入口未访问外部 API
- azure - Azure 管道中存储库的标记引用的通配符
- c++ - 是否可以使用 clang-format 使所有 if 语句成为一个块?
- python - 数据不是来自超类的子类初始化问题