集群中

集群中

关注
发信
关注(28)粉丝(399)

Jenkins Pod无法在私有Kubernetes集群中创建部署

本文介绍了Jenkins Pod无法在私有Kubernetes集群中创建部署的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

Jenkins在私有GKE集群中作为Pod运行.当前,在使用Helm执行部署时,会遇到以下错误.

Jenkins is running as a pod in a private GKE cluster. Currently when executing deployments using helm, the following error is encountered.

用户"system:serviceaccount:jenkins:jenkins"无法在名称空间"kube-system"的API组"中列出资源"pods"

User "system:serviceaccount:jenkins:jenkins" cannot list resource "pods" in API group "" in the namespace "kube-system"

用于部署的命令是

helm install --values =/values_env.yaml --name/--set image.repository = --set image.tag = --namespace

helm install --values=/values_env.yaml --name / --set image.repository= --set image.tag= --namespace

用户"system:serviceaccount:jenkins:jenkins"无法在名称空间"kube-system"的API组"中列出资源"pods"

User "system:serviceaccount:jenkins:jenkins" cannot list resource "pods" in API group "" in the namespace "kube-system"

推荐答案

服务帐户jenkins没有特权列出pods kube-system.您必须使用这些特权创建Roles并将其与ClusterJoleBinding/RoleBinding以及jenkins服务帐户绑定.

The service account jenkins doesn't have privileges to list pods kube-system.You have to create Roles with those privileges and bind it with a ClusterRoleBinding / RoleBinding along with jenkins service account.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
rules:
- apiGroups:
  - ""
  resources:
  - services
  - endpoints
  verbs:
  - get
  - list
  - watch
  - create
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - update
  - create
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - delete
  - list
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - extensions
  resources:
  - ingresses
  verbs:
  - list
  - watch
  - get
- apiGroups:
  - "extensions"
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - apps
  - extensions
  resources:
  - deployments
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: jenkins
subjects:
- kind: ServiceAccount
  name: jenkins
  namespace: jenkins
roleRef:
  kind: ClusterRole
  name: jenkins
  apiGroup: rbac.authorization.k8s.io

这篇关于Jenkins Pod无法在私有Kubernetes集群中创建部署的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-13 12:24
Powered by LMLPHP ©2025 集群中 0.037474