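♥ Jenkins distributed builds are configured in Jenkins as nodes. Distributed builds let the same code base or project be compiled, deployed, and so on in different environments (for example, Windows and Linux systems).
♥ Publishing Jenkins projects to different servers (distributing the Jenkins workspaces and deploying projects to different servers) is what makes Jenkins distributed. A node server does not need Jenkins installed; it only needs to run a slave node service, and the master (the main Jenkins service) dispatches the build events.
I. Background
CI/CD is now practically mandatory for every professional software development team, so in general Jenkins has naturally become a necessity.
Jenkins is currently deployed as a Docker container on a single VM. After Jenkins had been in use for a while, the number of daily builds kept growing sharply, and Jenkins gradually became slow to access, laggy, and at times stopped responding altogether. Because the underlying layer is a VM, requesting some more physical resources solved the problem temporarily.
Later, as the build demand of several project teams kept growing, the number of daily Jenkins builds exceeded 500, and the original deployment structure clearly could no longer cope. Jenkins hung in various ways, and unresponsive blank pages became frequent. This problem was expected, but it was still rather thorny.
Because the existing server resources are limited, simply starting a few high-spec VMs would solve the problem in a crude way, but the cost would be relatively high and the resources would not be used well, since even on working days Jenkins has busy and idle periods.
II. Approach
1. Pain points
During peak build periods, the Jenkins service frequently becomes unavailable
The service VM has limited resources and cannot freely draw on idle resources
After the Jenkins server goes down, it has to be restarted manually
Connecting Jenkins to a K8s cluster through the Kubernetes plugin
I. Install the Kubernetes plugin in Jenkins
1.1 Click Manage Jenkins on the left
1.2 Click Manage Plugins
1.3 Install the Kubernetes plugin
1.4 Restart Jenkins after the installation
Enter http://10.0.0.151:8080/restart in the browser and click "Yes" on the page to restart Jenkins
II. Open the configuration page
2.1 Click Manage Jenkins on the left
2.2 Click Manage Nodes
2.3 Click Configure Clouds
III. Configuration
3.1 Select Kubernetes in the drop-down box
3.2 Click Kubernetes Cloud details… to open the configuration details page
3.3 Fill in the authentication information
The 4 items in the red box need to be filled in
Kubernetes URL
Look it up with a command in the cluster
https://10.0.0.151:6443 is the address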
[root@k8s151 ~]$ kubectl cluster-info
Kubernetes control plane is running at https://10.0.0.151:6443
KubeDNS is running at https://10.0.0.151:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Kubernetes server certificate key
This is the certificate-authority-data field in /root/.kube/config, after base64 decoding
Run the following command in a terminal to view certificate-authority-data:
[root@k8s151 ~]$ cat .kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://10.0.0.151:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: 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
    client-key-data: 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
Then run the following command to base64-decode it:
echo "<the content after the colon of certificate-authority-data>" | base64 -d
[root@k8s151 ~]$ echo "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" | base64 -d
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
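Kubernetes Namespace
The default namespace, default, is fine
A credential needs to be added here
In the dialog that pops up, select Secret text as the type
The Secret value below is created from the terminal:
- Create a service account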
[root@k8s151 ~]$ kubectl create sa jenkins
serviceaccount/jenkins created
- Get the token name
[root@k8s151 ~]$ kubectl describe sa jenkins
Name: jenkins
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: jenkins-token-j5gd6 # this is the token name
Tokens: jenkins-token-j5gd6
Events: <none>
- Get the token value
[root@k8s151 ~]$ kubectl describe secrets jenkins-token-j5gd6 -n default
Name: jenkins-token-j5gd6
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: jenkins
kubernetes.io/service-account.uid: 1363df30-acbc-4664-ab2f-4a311622c306
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 7 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IkFMcWtERjZsZzE2aXZZWWxkX3NrX2tzQllOejVkd2xEV2ZrM1lhRmliOVUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImplbmtpbnMtdG9rZW4tajVnZDYiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiamVua2lucyIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjEzNjNkZjMwLWFjYmMtNDY2NC1hYjJmLTRhMzExNjIyYzMwNiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpkZWZhdWx0OmplbmtpbnMifQ.M1k9MkA0iiy9LtFIueMQB3ZQmZYI0uYLGgHcM7jNIZTpgl6d53XohQtyCX3IURJlRL8sDleSsJYcBDMaStq4NsGIoEXF5NZDXd77aFDsfSozr4KpBtAZ49qKhFD1ebe-lXp80AlUw6puO6u7WkEoJAH34gVlMqOTujbCC52NVma_wp_Qrm682LKBYr8vFsp-Z4IB4IAK1UP2X17oCojAEGJpjBAH1yhZLGnbCGGN_39h5fcfIx77VpfWKz_3MrzSuIfYZmcrI51d1io82dRdzSunEWw2KKtbtvGVNJsM7EXxOB_zTRaHRRjJf79lJ3c_RPY5IroWQSYspS63RJeu2g
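The token shown above is the content to enter in the Secret field
The description at the end can be anything
Click Add and the credential is ready
IV. Authorize with RBAC
Jenkins operates on k8s through kubernetes-plugin, so RBAC authorization has to be set up in k8s beforehand. For ease of management, we bind the cluster-admin role to it. The permissions can of course be narrowed further.
k8s has many built-in cluster roles
See: "Scope and differences of the built-in k8s cluster roles cluster-admin, admin, edit, and view" (学亮编程手记's blog, CSDN)
# Create the service account
kubectl create sa jenkins # create a jenkins user in k8s
# Bind the cluster-admin role to the jenkins user (cluster-admin is equivalent to a built-in root user)
kubectl create clusterrolebinding jenkins --clusterrole=cluster-admin --serviceaccount=default:jenkins
We can also create a role of our own, because the cluster-admin role has rather high privileges
Create a service-reader role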
cat >service-reader.yaml<<'EOF'
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  # A ClusterRole is cluster-scoped, so metadata.namespace is omitted
  name: service-reader
rules:
- apiGroups: [""]
  resources: ["services"]
  verbs: ["get", "watch", "list"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get","list","patch","watch"]
EOF
kubectl apply -f service-reader.yaml
# A binding named jenkins already exists if the cluster-admin command above was run; remove it first
kubectl delete clusterrolebinding jenkins --ignore-not-found
# Bind the service-reader role to the jenkins user
kubectl create clusterrolebinding jenkins --clusterrole=service-reader --serviceaccount=default:jenkins
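Binding cluster-admin to the jenkins service account means its token controls the whole cluster, so it is worth checking which service accounts hold such roles. The audit below is an added example, not part of the original post; it assumes JSON shaped like the output of `kubectl get clusterrolebindings,rolebindings -A -o json`, and the HIGH_PRIV_ROLES set and the sample bindings (including the names jenkins-reader, ci-edit, builder and ops) are constructed for illustration.

```python
import json
import sys
from pathlib import Path

# Roles treated as high privilege; this set is an assumption of the example.
HIGH_PRIV_ROLES = {"cluster-admin", "admin", "edit"}


def risky_bindings(doc, high_priv=HIGH_PRIV_ROLES):
    """List ServiceAccount subjects bound to a high-privilege ClusterRole."""
    findings = []
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in high_priv:
            continue
        # A ClusterRoleBinding applies in every namespace; a RoleBinding
        # limits the same ClusterRole to the binding's own namespace.
        cluster_wide = item.get("kind") == "ClusterRoleBinding"
        scope = "cluster-wide" if cluster_wide else item["metadata"].get("namespace", "default")
        for subj in item.get("subjects") or []:  # subjects may be null
            if subj.get("kind") == "ServiceAccount":
                findings.append({
                    "binding": item["metadata"]["name"], "role": ref["name"],
                    "scope": scope,
                    "subject": f'{subj.get("namespace", "default")}:{subj["name"]}'})
    return findings


# Constructed sample shaped like
# `kubectl get clusterrolebindings,rolebindings -A -o json` output.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "jenkins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "jenkins", "namespace": "default"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "jenkins-reader"},
     "roleRef": {"kind": "ClusterRole", "name": "service-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "jenkins", "namespace": "default"}]},
    {"kind": "RoleBinding", "metadata": {"name": "ci-edit", "namespace": "ci"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "ServiceAccount", "name": "builder", "namespace": "ci"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
]}

if __name__ == "__main__":
    # First argument: file with real kubectl JSON; without it the sample is used.
    doc = json.loads(Path(sys.argv[1]).read_text()) if len(sys.argv) > 1 else SAMPLE
    for f in risky_bindings(doc):
        print(f'{f["subject"]} has {f["role"]} ({f["scope"]}) via binding {f["binding"]}')
```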
V. Verify
Click Test Connection; the k8s cluster version is shown on the left