Fabric8 / Minikube:由于授权问题导致Jenkins内置失败

时间:2017-05-16 08:23:35

标签: authorization fabric8 minikube

我想了解有关Fabric8的更多信息,但是,即使是非常简单的项目也无法构建。我在Minikube集群上本地运行它。

设置为:

  • Mac OS Sierra
  • Minikube v0.18.0
  • Fabric8 v0.4.122

所以我在本地Gogs存储库中有一个简单的Spring Boot应用程序。构建失败,显示以下消息:

/usr/bin/git checkout -f d8af29f8af7a498331a244d245fb321003ef110d
/usr/bin/git rev-list d8af29f8af7a498331a244d245fb321003ef110d # timeout=10
[Pipeline] End of Pipeline
io.fabric8.kubernetes.client.KubernetesClientException: An error has occurred.
at io.fabric8.kubernetes.client.KubernetesClientException.launderThrowable(KubernetesClientException.java:57)
at io.fabric8.kubernetes.client.utils.HttpClientUtils.createHttpClient(HttpClientUtils.java:153)
[...]
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)

所以我从Minikube(〜/ minikube / ca.crt)获取ca.crt并将其(base64编码)添加到jenkins-git-ssh秘密中,该秘密将安装在/ var / run /中的Jenkins窗格中秘密/ kubernetes.io / serviceaccount。下一个版本以此错误结束:

/usr/bin/git checkout -f d8af29f8af7a498331a244d245fb321003ef110d
/usr/bin/git rev-list d8af29f8af7a498331a244d245fb321003ef110d # timeout=10
[Pipeline] End of Pipeline
io.fabric8.kubernetes.client.KubernetesClientException: Failure executing: GET at: https://kubernetes.default/. Message: Unauthorized
.

当我使用Minikube的apiserver.crt时会发生同样的情况。

当使用ca.pem时,我得到:

Caused by: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:198)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:102)

只有在秘密中添加apiserver.crt和apiserver.key时,我才能从Jenkins pod访问Kubernetes API。执行

curl -k --cert apiserver.crt --key apiserver.key https://kubernetes.default/.

然后成功 - 但Jenkins构建仍然失败。

所以我有点迷失在这里。有人知道如何继续吗?

谢谢和问候, 丹尼尔

1 个答案:

答案 0 :(得分:1)

我们已经修复但尚未发布。可以找到详细信息https://github.com/fabric8io/fabric8/issues/6829#issuecomment-301467664,其中也介绍了解决方法。

TL; DR您可以编辑jenkins服务帐户并在重新启动jenkins主pod之前删除以下行:

-secrets:       
 -- name: "jenkins-git-ssh"     
 -- name: "jenkins-master-ssh"      
 -- name: "jenkins-release-gpg"

希望有所帮助。

相关问题
最新问题