kubectl apply: Error from server (Forbidden), Authentication required - Jenkins

Question (votes: 0, answers: 1)

I installed Jenkins on Windows 10, and the minikube cluster is a VirtualBox VM.

On the minikube cluster, I created a service account with this YAML:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: jenkins
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: jenkins
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get","list","watch"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jenkins
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins

Listing the service accounts:

kubectl get sa
NAME      SECRETS   AGE
default   1         128m
jenkins   1         99m

kubectl describe sa jenkins
Name:                jenkins
Namespace:           default
Labels:              <none>
Annotations:         kubectl.kubernetes.io/last-applied-configuration:
                       {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"jenkins","namespace":"default"}}
Image pull secrets:  <none>
Mountable secrets:   jenkins-token-rk2mg
Tokens:              jenkins-token-rk2mg
Events:              <none>

I used this account's token to configure the Kubernetes plugin in Jenkins, and the connection succeeded.

In the Jenkinsfile, I added a stage to get the kubectl version:

stage('Check kubectl version') {
    steps {
        sh 'kubectl version'
    }
}

I get:

+ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:20:10Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"windows/amd64"}
Error from server (Forbidden): <html><head><meta http-equiv='refresh' content='1;url=/login?from=%2Fversion%3Ftimeout%3D32s'/><script>window.location.replace('/login?from=%2Fversion%3Ftimeout%3D32s');</script></head><body style='background-color:white; color:white;'>


    Authentication required
    <!--
    You are authenticated as: anonymous
    Groups that you are in:

    Permission you need to have (but didn't): hudson.model.Hudson.Read
     ... which is implied by: hudson.security.Permission.GenericRead
     ... which is implied by: hudson.model.Hudson.Administer
    -->
jenkins kubernetes kubectl minikube
1 answer
0 votes
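You are authenticated as: anonymous

You must authenticate as the ServiceAccount jenkins that you created for Jenkins.

Use withCredentials in your Jenkinsfile step/stage and load the token that belongs to the ServiceAccount jenkins. You must first identify the secret that holds the token belonging to the ServiceAccount you generated.

When using the kubectl command, specify that you want to authenticate with the token, and possibly also the server hostname of the API server.

For example, something like this: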

kubectl apply -f <directory-or-file> --token $TOKEN_FROM_WITH_CREDENTIALS --server apiserver.hostname.local
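
The answer's approach written out as a full declarative pipeline (an added example, not part of the original answer). The login HTML and `hudson.model.Hudson.Read` in the error are Jenkins output rather than Kubernetes output, which is consistent with kubectl having no kubeconfig and falling back to its default `localhost:8080`, so the example passes the server, CA and token explicitly. Assumptions: the credential IDs `minikube-jenkins-sa-token` (Secret text) and `minikube-ca-crt` (Secret file) and the server URL are placeholders.

```groovy
// Added example. Assumed names: the two credential IDs and K8S_SERVER below
// are placeholders; create the credentials in Jenkins and substitute your own.
pipeline {
    agent any
    environment {
        // Placeholder API server URL, not taken from the page.
        K8S_SERVER = 'https://apiserver.hostname.local:8443'
    }
    stages {
        stage('Check kubectl access') {
            steps {
                withCredentials([
                    // Token of the jenkins ServiceAccount, stored as "Secret text".
                    string(credentialsId: 'minikube-jenkins-sa-token', variable: 'K8S_TOKEN'),
                    // Cluster CA certificate, stored as "Secret file", so TLS
                    // verification of the API server stays enabled.
                    file(credentialsId: 'minikube-ca-crt', variable: 'K8S_CA')
                ]) {
                    // Single-quoted Groovy string: the shell expands $K8S_TOKEN,
                    // so the secret is never interpolated into the pipeline
                    // script and Jenkins can mask it in the build log.
                    sh '''
                        k() {
                            kubectl --server "$K8S_SERVER" \\
                                    --certificate-authority "$K8S_CA" \\
                                    --token "$K8S_TOKEN" \\
                                    --namespace default "$@"
                        }
                        # Must now reach the API server instead of the Jenkins login page.
                        k version
                        # Confirm the Role from the question is in effect for this
                        # token; "no" exits non-zero and fails the stage.
                        k auth can-i create pods
                        k auth can-i get secrets
                    '''
                }
            }
        }
    }
}
```

Keeping the token out of the command line in double-quoted Groovy strings matters because interpolated secrets end up in the generated script and can leak into logs.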
